RE boot: make TOMOYO boot quickly (2007-09-30 10:19 by Anonymous #32574)
I just looked into the ccs-init file, there's boot option CCS=$profile_select already, and it works well:
......
Calling /sbin/ccs-init to load policy. Please wait.
Clocksource tsc unstable (delta = 296800939 ns)
Time: pit clocksource has been installed.
Allow mount fuseblk on /mnt/hda1/ with options 0x406.
SAKURA: 1.5.0 2007/09/20
TOMOYO: 1.5.0 2007/09/20
Mandatory Access Control activated.
......
it will be convenient for user to put this feature clearly in the inatallation document.
RE doc: make TOMOYO boot quickly (2007-09-30 10:52 by Anonymous #32577)
ccs-init is not need to be modified indeed.
# GRUB menu
title LFS 6.3 Kernel 2.6.22.9-cfs-v22-ccs
kernel (hd0,7)/boot/lfskernel-2.6.22.9-cfs-v22-ccs root=/dev/hda8 vga=791 video=neofb:ywrap,mtrr acpi=off CCS=file
this menu will make TOMOYO load /etc/ccs/profile-file.conf without 10 seconds being wasted. ccs-init is very clever working in this way . it would be better to tell the user in the installation document:
1. prepare /etc/ccs/profile-$profile_select.conf first.
2. then use CCS=$profile_select in the boot menu.
RE: RE CCS=default: make TOMOYO boot quickly (2007-09-30 12:21 by kumaneko #32579)
> CCS=boottest <what this mean go here>
You can use it when you don't have /etc/ccs/profile.conf .
Current document asks you to run /usr/lib/ccs/init_policy.sh
to create /etc/ccs/profile.conf before rebooting with TOMOYO Linux's kernel,
thus "CCS=boottest" is no longer needed.
RE: make TOMOYO boot quickly (2007-10-01 13:51 by kumaneko #32599)
> 1. make TOMOYO boot quickly
>
> it would be a waste of time to wait 10 seconds for the disable input at boot time:
In embedded systems, it it difficult to modify kernel commandline;
some systems have to embed commandline at kernel compilation time.
Thus, it is more convenient for embedded systems to be able to
select access control mode at runtime.
I don't want to modify kernel's commandline.
If you prefer 'not to show prompt by default'
and 'show prompt only if "CCS=ask" is given at kernel commandline',
it is possible to modify so.
In that case, will the timeout feature become unneeded?
> 2. there is a same problem with ccs-queryd :
>
> if 'a' is the user input, wait for an Enter.
> maybe having a command line option like 'ccs-queryd -a` to bypass the Enter.
It is impossible to bypass Enter key for 'a'
because ccs-queryd allows you to edit a line (to make patterns if you want)
before appending the line into policy.
RE ask: make TOMOYO boot quickly (2007-10-01 15:57 by Anonymous #32602)
1. if embedded system could not set CCS boot parameter for kernel commandline, it has to wait for the prompt, while ordinary system need not wait for the prompt.
console uses vga=ask boot option, it list some vga mode to select from. CCS=ask could follow this way: list each available /etc/profile*.conf as choice and a diable as the last choice.
and after anything other than default especially the disable being selected, what about let TOMOYO chanlenge the user for root password?
drivers/video/console/Kconfig:
config VIDEO_SELECT
bool "Video mode selection support"
depends on X86 && VGA_CONSOLE
---help---
This enables support for text mode selection on kernel startup. If
you want to take advantage of some high-resolution text mode your
card's BIOS offers, but the traditional Linux utilities like
SVGATextMode don't, you can say Y here and set the mode using the
"vga=" option from your boot loader (lilo or loadlin) or set
"vga=ask" which brings up a video mode menu on kernel startup. (Try
"man bootparam" or see the documentation of your boot loader about
how to pass options to the kernel.)
2. I suggest add a command line option for ccs-queryd, for example '-a'
if run "ccs-queryd" without -a as option just stop and let user edit if necessary. if run "ccs-queryd -a" with option -a, no edit any more.