[tomoyo-users-en 232] Re: Tomoyo as a desktop firewall

Tetsuo Handa from-****@I-lov*****
Mon Nov 8 13:53:14 JST 2010


Hello.

Laurence Darby wrote:
> The main issue is that ccs-queryd needs to be left running continuously,
> and popup when needed.  Here is a silly patch that makes it do this, so
> you can see what I mean:

Does /usr/lib/ccs/ccs-notifyd help?
This program can give you a grace period to launch /usr/sbin/ccs-queryd .
You can add /usr/lib/ccs/ccs-notifyd to /proc/ccs/manager and start

  /usr/lib/ccs/ccs-notifyd 30 '/path/to/xmessage -file -'

at user login.
The above example will give you 30 seconds for starting /usr/sbin/ccs-queryd .

> Another issue is that I think the kernel's state and the on disk config
> should be synchronised, ie. ccs-savepolicy should be called every time
> a change is made, because I don't want to have to remember there is
> unsaved state in the kernel.  That'll be another one line patch to
> ccs-queryd :)

Sorry. It is impossible for TOMOYO. Unlike other implementations,
TOMOYO not only allows you to interactively manipulate policy on the fly
but also automatically creates domains and accumulates policy.
This means that the kernel's memory ( /proc/ccs/ directory) holds the master data
and the file's content ( /etc/ccs/ directory) holds backups.
Therefore, adding

  system("/usr/sbin/ccs-savepolicy")

to /usr/sbin/ccs-queryd is not sufficient for synchronizing.

You may execute /usr/sbin/ccs-savepolicy from shutdown script (e.g.
/etc/init.d/halt /etc/init.d/reboot ) if you want to make backups automatically.
You can select which backup to use by changing the symlink's targets.

Regards.
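The two steps described in the reply above (registering ccs-notifyd as a policy manager and starting it at login, then running ccs-savepolicy from a shutdown hook), as an added shell example that is not part of the original mail or of the TOMOYO project. It assumes the TOMOYO 1.x paths the mail names (/proc/ccs/manager, /usr/lib/ccs/ccs-notifyd, /usr/sbin/ccs-savepolicy); the CCS_* environment overrides and the CCS_DRY_RUN switch are hypothetical additions so the script can be exercised on a machine without TOMOYO.

```shell
#!/bin/sh
# Added example, not code from the mail or from the TOMOYO project.
# Assumed TOMOYO 1.x paths; CCS_* overrides and CCS_DRY_RUN are hypothetical.
CCS_MANAGER="${CCS_MANAGER:-/proc/ccs/manager}"
CCS_NOTIFYD="${CCS_NOTIFYD:-/usr/lib/ccs/ccs-notifyd}"
CCS_SAVEPOLICY="${CCS_SAVEPOLICY:-/usr/sbin/ccs-savepolicy}"
CCS_DRY_RUN="${CCS_DRY_RUN:-0}"

# Return 0 if $1 is a positive integer (a usable grace period in seconds).
valid_grace() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -gt 0 ]
}

# Idempotently add a program path to the manager list: only registered
# programs may write policy via /proc/ccs/, so ccs-notifyd must be listed
# before it can pick up queries. Works on a regular file too (used in tests).
ensure_manager_entry() {
    manager="$1"; prog="$2"
    if grep -qxF -- "$prog" "$manager" 2>/dev/null; then
        return 0
    fi
    printf '%s\n' "$prog" >> "$manager"
}

# Build the ccs-notifyd command line as in the mail: grace seconds, then the
# popup handler that reads the pending query from stdin.
notifyd_cmdline() {
    grace="$1"; handler="$2"
    valid_grace "$grace" || return 1
    printf "%s %s '%s'\n" "$CCS_NOTIFYD" "$grace" "$handler"
}

# Login step: register ccs-notifyd and start it in the background so the
# user gets the grace period to launch ccs-queryd when a query arrives.
start_notifyd() {
    grace="$1"; handler="$2"
    cmd=$(notifyd_cmdline "$grace" "$handler") || return 1
    ensure_manager_entry "$CCS_MANAGER" "$CCS_NOTIFYD" || return 1
    if [ "$CCS_DRY_RUN" = 1 ]; then
        printf 'would run: %s\n' "$cmd"
        return 0
    fi
    eval "$cmd" &
}

# Shutdown step: snapshot the in-kernel policy to /etc/ccs/ so the on-disk
# backup includes domains and permissions learned during this session.
save_policy_backup() {
    if [ "$CCS_DRY_RUN" = 1 ]; then
        printf 'would run: %s\n' "$CCS_SAVEPOLICY"
        return 0
    fi
    "$CCS_SAVEPOLICY"
}

# Usage: ccs-desktop.sh login [GRACE] [HANDLER]   (from a session startup file)
#        ccs-desktop.sh shutdown                   (from the halt/reboot script)
case "${1:-}" in
    login)    start_notifyd "${2:-30}" "${3:-/path/to/xmessage -file -}" ;;
    shutdown) save_policy_backup ;;
esac
```

The manager registration is written to be idempotent so the login hook can run on every session without growing the list, and the grace period is validated because ccs-notifyd receives it as a plain argument. The handler string is quoted with single quotes, so a handler containing a single quote would need different quoting.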



