Tetsuo Handa
from-****@I-lov*****
Fri Jun 17 16:51:52 JST 2011
Jamie Nguyen wrote:
> If a service has "Type=forking", then $MAINPID can either be
> determined from a PID file provided by the program, or systemd does
> some kind of magic to guess what $MAINPID is. The default is to guess.
> I'm running revision 5131 and it is working fine.

OK.

> I have restarted the service several times and it appears that systemd
> is able to guess $MAINPID correctly every time.

I used SIGHUP as a trigger for reloading the configuration file rather than
re-executing the program. It does not cause fork() or execve(). So, systemd
will not fail to guess.

> On an unrelated note, I think I've spotted a bug. Creating a second
> namespace works fine, but creating a third namespace seems to cause
> some issue with profiles. The policy within "/etc/ccs/policy/"
> directory is correct, but "/etc/ccs/profile.conf" is not updated to
> reflect the third namespace.

/etc/ccs/{domain_policy,exception_policy,profile,manager}.conf are symlinks to
policy/current/{domain_policy,exception_policy,profile,manager}.conf .
I think neither ccs-editpolicy nor ccs-savepolicy touches /etc/ccs/profile.conf .
/etc/ccs/profile.conf has changed from a symlink to a regular file for some reason?

Tetsuo Handa wrote:
> > 2) The profile editor screen doesn't work as expected when doing
> > "ccs-editpolicy /etc/ccs". Pressing "s" to edit for example the
> > "3-PREFERENCE" line to have "enforcing_penalty=5" results in two lines
> > that start with "3-PREFERENCE", instead of replacing the line that is
> > being edited.
>
> That is due to lazy implementation in order to absorb differences in the parser
> used by the TOMOYO 1.8.x kernels. Keywords may be added within TOMOYO 1.8.x but
> the userspace tools should not ignore the line even if it does not know how to
> parse the line. Thus, offline mode is almost doing only "echo $line >> $file"
> for addition and "grep -vF $line $file" for deletion because invalid lines will
> be ignored and old values will be overwritten when parsed by the kernel.
>
> But in order to save lines when embedding policy into the kernel, offline mode
> should start using parsers which the kernel uses.

Done in revision 5135.
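
Added example (not part of the original message and not code from ccs-tools): the append-only add and "grep -vF" delete described above, showing how an edit leaves two lines with the same key and how to spot and collapse them. The helper names, the exact profile line syntax and the whole-line "last line wins" rule in profile_collapse are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration: helper names and the sample profile lines are constructed.

# Addition as described: append the line, never look at what is already there.
profile_add() {   # $1 = file, $2 = line
    printf '%s\n' "$2" >> "$1"
}

# Deletion as described: drop every line containing the fixed string.
profile_del() {   # $1 = file, $2 = line
    tmp=$(mktemp) || return 1
    # grep exits 1 when no line is left to print; only >1 is a real error.
    grep -vF -- "$2" "$1" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 2; }
    cat "$tmp" > "$1"   # write through the path so a symlinked file stays a symlink
    rm -f "$tmp"
}

# Keys (text before the first "=") that occur on more than one line.
profile_dups() {   # $1 = file
    awk -F= 'NF > 1 { n[$1]++ } END { for (k in n) if (n[k] > 1) print k }' "$1" | sort
}

# Keep the last line per key, in order of first appearance; lines without "="
# are dropped. Assumption: a later line replaces an earlier one as a whole.
profile_collapse() {   # $1 = file
    awk -F= 'NF > 1 { if (!($1 in last)) order[++c] = $1; last[$1] = $0 }
             END { for (i = 1; i <= c; i++) print last[order[i]] }' "$1"
}

demo() {
    d=$(mktemp -d) || return 1
    f="$d/profile.conf"
    printf '%s\n' '3-COMMENT=constructed sample' \
                  '3-PREFERENCE={ enforcing_penalty=0 }' > "$f"
    profile_add "$f" '3-PREFERENCE={ enforcing_penalty=5 }'   # the "edit"
    echo "duplicated keys: $(profile_dups "$f")"
    profile_collapse "$f"
    rm -rf "$d"
}
demo
```

Running profile_dups on a profile before loading or embedding it shows which keys an offline edit has duplicated.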