Section: System Administration Utilities (8) Updated: April 2011 Local index
tomoyo-init - Load TOMOYO Linux's policy automatically
This program is automatically called to load policy from files into kernel when /sbin/init starts.
This program copies the following files.
/etc/tomoyo/exception_policy.conf => /sys/kernel/security/tomoyo/exception_policy
/etc/tomoyo/domain_policy.conf => /sys/kernel/security/tomoyo/domain_policy
/etc/tomoyo/profile.conf => /sys/kernel/security/tomoyo/profile
/etc/tomoyo/manager.conf => /sys/kernel/security/tomoyo/manager
/etc/tomoyo/meminfo.conf => /sys/kernel/security/tomoyo/meminfo
If /etc/tomoyo/tomoyo-post-init is an executable file, /etc/tomoyo/tomoyo-post-init is also executed.
You can use /etc/tomoyo/tomoyo-post-init for additional initialization purpose.
For example, you can write
echo manage_by_non_root > /sys/kernel/security/tomoyo/manager
chown -R demo /sys/kernel/security/tomoyo/
in the /etc/tomoyo/tomoyo-post-init and chown/chmod like
chown -R demo /etc/tomoyo/
to allow policy management by user "demo" as well as user "root".
If something went wrong, a prompt is shown so that the administrator can take action before the kernel gets panic.
You don't need to invoke this program manually.
To load policy after /sbin/init starts, use tomoyo-loadpolicy instead.
penguin-kernel _at_ I-love.SAKURA.ne.jp
Copyright © 2005-2010 NTT DATA CORPORATION.
This program is free software; you may redistribute it under the terms of
the GNU General Public License. This program has absolutely no warranty.
This document was created by
using the manual pages.
Time: 22:02:31 GMT, April 16, 2011