2014-12-18 22:33:42 UTC
Can anyone provide more information on how tomoyo-loadpolicy behaves? I can
probably look through the code but figure I would ask here first.
We're managing tomoyo via puppet and we're trying to figure out how to
load/update policy in a clean and safe manner.
We invoke the loadpolicy periodically via a cron job which is managed by
puppet. Unfortunately we also protect cron behind tomoyo which means that
when we use the overwrite flag (-ef) everything that's currently applied
gets flushed and things go to a complete lockdown mode.
What's the functional difference between -ef and -e? How does the appending
work? What I made changes to the full existing policy and try to load it?