[tomoyo-users-en 231] Re: Tomoyo as a desktop firewall

Zurück zum Archiv-Index
Jamie Nguyen dysco****@gmail*****
Mon Nov 8 05:25:45 JST 2010


Laurence Darby wrote:
> Another issue is that I think the kernel's state and the on disk config
> should be synchronised, ie. ccs-savepolicy should be called every time
> a change is made, because I don't want to have to remember there is
> unsaved state in the kernel.  That'll be another one line patch to
> ccs-queryd :)
>
> Regards,
> Laurence

I think there are good reasons for why they are not synchronized. It
is useful when making temporary changes that you don't wish to be
loaded on the next session, for example allowing an application
one-time access to a certain resource for that session. Also, I think
the idea is that you can mess around with the policy until you're
happy and only after running ccs-savepolicy will it be saved, which
makes it much easier to revert changes.

Kind regards




More information about the tomoyo-users-en mailing list
Zurück zum Archiv-Index