GrapheneOS/linux-hardened

Enable TOMOYO by default

Closed this issue · 4 comments

Used to be on linux-grsec.

That's outside the scope of this project; it's a downstream packaging choice.

dbaxa commented

@thestinger do you consider enabling Yama a downstream packaging choice as well?

Yama doesn't require userspace integration. On the other hand, enabling TOMOYO by default here wouldn't accomplish anything and doesn't make any sense. Regardless, changing the defaults here doesn't actively change downstream configuration and isn't important. It only impacts the defaults in freshly generated configuration, not a new configuration derived from a previous one. Configuration is always going to be a downstream choice. It isn't going to be forced unless there's truly no reason to have something available as a configuration option.

Right, TOMOYO, as any Mandatory Access Control, requires the active use of its Policy Editor: the default profile "0", also known as "Disabled Mode", is completely unrestricted.
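
An added example (not part of the thread and not linux-hardened code) for the distinction discussed above: a shell check that reports whether an LSM is compiled into a kernel configuration and whether it appears in the built-in LSM list. It assumes a kernel with the `CONFIG_LSM` ordering string (5.1 and later); the `lsm_state` helper and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not linux-hardened code.
# Assumption: the kernel has the CONFIG_LSM ordering string (5.1 and later).

# lsm_state NAME CONFIG_FILE
# Prints one of:
#   absent          not compiled in
#   built-inactive  compiled in, but not listed in CONFIG_LSM
#   built-active    compiled in and listed in CONFIG_LSM
lsm_state() {
    name=$1
    file=$2
    # yama -> CONFIG_SECURITY_YAMA, tomoyo -> CONFIG_SECURITY_TOMOYO, ...
    sym="CONFIG_SECURITY_$(printf '%s' "$name" | tr '[:lower:]' '[:upper:]')"
    if ! grep -q "^${sym}=y\$" "$file"; then
        echo absent
        return 0
    fi
    # CONFIG_LSM is a comma-separated list of the LSMs enabled at boot.
    order=$(sed -n 's/^CONFIG_LSM="\(.*\)"$/\1/p' "$file")
    case ",${order}," in
        *",${name},"*) echo built-active ;;
        *)             echo built-inactive ;;
    esac
}

# Constructed sample .config fragment: TOMOYO is built but not in the list.
SAMPLE_CONFIG=$(mktemp)
trap 'rm -f "$SAMPLE_CONFIG"' EXIT
cat > "$SAMPLE_CONFIG" <<'EOF'
CONFIG_SECURITY=y
CONFIG_SECURITY_YAMA=y
CONFIG_SECURITY_TOMOYO=y
# CONFIG_SECURITY_APPARMOR is not set
CONFIG_LSM="lockdown,yama,integrity"
EOF

for lsm in yama tomoyo apparmor; do
    printf '%-10s %s\n' "$lsm" "$(lsm_state "$lsm" "$SAMPLE_CONFIG")"
done
```

Even a `built-active` result for TOMOYO says nothing about enforcement: as the last comment notes, the default profile "0" is unrestricted until a policy is put in place. On a running system, `/sys/kernel/security/lsm` lists the LSMs that were actually initialized.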