Just for kicks and some educational benefit, I decided to use TOMOYO to see MAC security in action. I really enjoy how seamlessly it integrates with the systemd mounting process (kudos to the devs for the hard work). Honestly, I don't really need the extra security for practical purposes. I guess all I really want from it is to save me from myself: if I were to ever do "rm -r /", I want the destruction to be as minimal as possible.
My problem is that I don't understand how to "fine-tune" policies. All I've done is set the kernel and some "lower-level" userland applications (like the X server) to "learning mode", and I've read about what the tomoyo-editpolicy program does. No guide I've found goes further than this, other than to say that, after running your system like normal for some time, you should go back and refine these automatic policies. But they never say what to look for or give any idea of what a "proper" policy looks like (the "sample policy" has everything in learning mode). Google isn't much help. I mostly find SELinux-specific guides with more of a bent toward the "what" than the "why" of policies. Even if they do explain well (like Arch's and Fedora's wikis), the entire point of doing TOMOYO was to avoid SELinux's complexity.
So can a guru of MAC systems of any kind give me some tips or point me in the right direction?
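For readers who land on this thread with the same question, here is an added illustration (not part of the original post, and not from the TOMOYO project's own sample policy) of what a learned TOMOYO 2.x domain looks like next to a hand-tightened one. It uses the standard `profile.conf` numbering (0 disabled, 1 learning, 2 permissive, 3 enforcing) and the `file` keywords of TOMOYO 2.3+; the domain, the interactive shell `/bin/bash`, the path `/home/user` and the specific entries under it are assumptions chosen for the example, not anything the poster's system is known to have.

```text
# --- /etc/tomoyo/profile.conf (excerpt, standard profile numbering) ---
1-COMMENT=-----Learning Mode-----
1-CONFIG={ mode=learning grant_log=no reject_log=yes }
3-COMMENT=-----Enforcing Mode-----
3-CONFIG={ mode=enforcing grant_log=no reject_log=yes }

# --- /etc/tomoyo/exception_policy.conf (excerpt) ---
# Give rm its own domain instead of inheriting the shell's permissions,
# so it can be confined without restricting the shell itself.
# (assumed: the shell is /bin/bash)
initialize_domain /bin/rm from any

# --- /etc/tomoyo/domain_policy.conf, BEFORE refining ---
# Everything TOMOYO saw while the domain ran in learning mode is recorded
# verbatim, including the one-off paths it should not keep.
<kernel> /bin/rm
use_profile 1
file unlink /home/user/tmp/build.log
file unlink /home/user/tmp/core.1234
file unlink /home/user/Downloads/archive.tar
file rmdir /home/user/tmp/objs

# --- /etc/tomoyo/domain_policy.conf, AFTER refining ---
# 1. Collapse the learned one-offs into patterns (\* = any filename
#    characters, \{\*\}/ = any depth of subdirectories).
# 2. Switch the domain to enforcing. Anything not listed, such as
#    "rm -r /" reaching /etc or /usr, is denied and logged, which is the
#    "save me from myself" behaviour the poster is after.
<kernel> /bin/rm
use_profile 3
file unlink /home/user/tmp/\*
file unlink /home/user/tmp/\{\*\}/\*
file rmdir  /home/user/tmp/\{\*\}/
file unlink /home/user/Downloads/\*
```

The refinement step is the part the guides skip: in `tomoyo-editpolicy`, open the learned domain, replace runs of near-identical entries with one pattern each, delete entries that came from commands you do not want to allow permanently, then change `use_profile` to 3 and reload with `tomoyo-loadpolicy -d`. Run the workload again and watch `tomoyo-auditd`'s reject log; each reject is either a gap in the policy or exactly the kind of action the policy exists to stop.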