Hello.

Ryan Seu wrote:
> Notice that upon restart, it seems like the preference gets overwritten and
> a mode=disabled (16) entry gets created. So the question is, if according
> to the man page for tomoyo-init all that's done is load the
> /etc/tomoyo/profile (along with the other policy files) into the kernel
> memory, where do these extra entries get added?

These extra entries are the kernel's default configuration.

> Does tomoyo disable enforcement mode by default?

The kernel's default configuration is mode=disabled.

Please read http://tomoyo.sourceforge.jp/2.5/chapter-9.html for details of
profile settings. You are specifying only category-specific configuration and
functionality-specific configuration. You did not specify the default
configuration, which will be used unless overwritten by category-specific or
functionality-specific configuration.

> Or rather, is it because profile #3 implicitly includes the syscall types
> and does not explicitly declare the parent, it gets automatically added?

Right.

Regards.
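Added example, not part of the original message or of the TOMOYO tools: a small checker that resolves the effective mode for a functionality the way the reply describes (functionality-specific, then category-specific, then the default configuration, then the kernel default of mode=disabled). The profile line shape, the functionality names and the sample profile are assumptions modelled on the TOMOYO 2.5 profile format; the sample is constructed.

```python
import re

# Assumed line shape: "<n>-CONFIG[::category[::functionality]]={ key=value ... }"
LINE = re.compile(r"^(\d+)-CONFIG((?:::\w+){0,2})=\{\s*(.*?)\s*\}$")
KERNEL_DEFAULT_MODE = "disabled"  # per the reply: the kernel's default is mode=disabled

def parse_profile(text):
    """Return {profile_number: {scope: {key: value}}}; scope "" is the default CONFIG."""
    profiles = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # PROFILE_VERSION, COMMENT and PREFERENCE lines are ignored here
        number, scope, body = int(m.group(1)), m.group(2).lstrip(":"), m.group(3)
        settings = dict(item.split("=", 1) for item in body.split())
        profiles.setdefault(number, {}).setdefault(scope, {}).update(settings)
    return profiles

def effective_mode(profiles, number, functionality):
    """Resolve mode for e.g. "file::execute": functionality, category, then default."""
    scopes = profiles.get(number, {})
    category = functionality.split("::", 1)[0]
    for scope in (functionality, category, ""):
        mode = scopes.get(scope, {}).get("mode")
        if mode is not None:
            return mode
    return KERNEL_DEFAULT_MODE  # nothing in the profile set it

def unprotected(profiles, number, functionalities):
    """List the functionalities whose effective mode ends up as disabled."""
    return [f for f in functionalities
            if effective_mode(profiles, number, f) == "disabled"]

# Constructed sample: only category- and functionality-specific lines, no "3-CONFIG={...}".
SAMPLE = """\
3-CONFIG::file={ mode=enforcing }
3-CONFIG::network::inet_stream_connect={ mode=enforcing }
"""
# Assumed functionality names used for the check.
CHECKED = ["file::execute", "network::inet_stream_connect",
           "network::inet_stream_bind", "misc::env"]

if __name__ == "__main__":
    loaded = parse_profile(SAMPLE)
    for name in CHECKED:
        print(f"{name:32} {effective_mode(loaded, 3, name)}")
    print("falls back to disabled:", unprotected(loaded, 3, CHECKED))
```

Adding an explicit default line such as `3-CONFIG={ mode=enforcing }` to the sample makes the fallback list empty.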