2014-06-19 04:58:48 UTC
Quick question - I need to do a large scale deployment of tomoyo. Problem
is that the policy files are deployed and managed by puppet/chef and
there's no perfect way to guarantee that they may not be corrupt (imagine
power interruption during puppet update).
I've written shutdown scripts that does syntax check before halt/restart,
and I've modified the grub menu entry to allow a kernel command line
without tomoyo enabled just in case kernel panic occurs.
All that said, is there any sane way to ensure that tomoyo doesn't cause
kernel panic on boot due to policy issues? I can start with no policy but
that requires manual bypass. Maybe the ability to automate the bypass?
-------------- next part --------------
An HTML attachment was scrubbed...