Hi, I have a kernel 2.6.31 with the Tomoyo wildcard patch running for almost a year now. Now I would like to upgrade to 2.6.35 or 2.6.36 if available soon. I saw on the site for 2.3 that the policy is not compatible any more - but as I can see from the syntax this should only be true for an automatic upgrade, not for a manual upgrade? At the moment I use Tomoyo by doing: Start with an empty policy: tomoyo-loadpolicy ef /etc/tomoyo/myhost/ tomoyo-loadpolicy df /etc/tomoyo/myhost/ For each process I want to protect I load the policy cat /etc/tomoyo/myhost/root-sshd.e.conf | tomoyo-loadpolicy -e cat /etc/tomoyo/myhost/root-sshd.d.conf | tomoyo-loadpolicy -d I execute these lines whenever I do changes or add a new process. What is the best way to do an upgrade now? For .35 I thought about: - install newest 2.2 tools - install new kernel - set "use_profile 2" for all processes - reboot with kernel .35 - fix all issues because of new rights - set "use_profile 3" for all processes Does this work? What about .36 / Tomoyo 2.3? - install newest 2.3 tools - install new kernel - execute /usr/lib/tomoyo/init_policy - reboot with kernel .36 Is it possible to load my old policy (with use_profile 2) now? Starting from scratch again would be a nightmare. Thanks a lot, Thomas
TOMOYO
Fork