TOMOYO-LOADPOLICY


Section: System Administration Utilities (8) Updated: April 2011
 

NAME

tomoyo-loadpolicy - Load TOMOYO Linux's policy manually  

SYNOPSIS

tomoyo-loadpolicy [e][d][a][f][p][m][u] [{-|policy_dir} [remote_ip:remote_port]]  

DESCRIPTION

This program loads TOMOYO Linux's policy from files or standard input into the kernel.
e
Load exception policy. ( policy_dir/exception_policy.conf => /sys/kernel/security/tomoyo/exception_policy )
d
Load domain policy. ( policy_dir/domain_policy.conf => /sys/kernel/security/tomoyo/domain_policy )
a
Load exception policy and domain policy.
p
Load profile. ( policy_dir/profile.conf => /sys/kernel/security/tomoyo/profile )
m
Load manager. ( policy_dir/manager.conf => /sys/kernel/security/tomoyo/manager )
u
Load meminfo. ( policy_dir/meminfo.conf => /sys/kernel/security/tomoyo/meminfo )
f
Erase on-memory policy before loading on-disk policy. If not specified, on-disk policy is appended to on-memory policy. This option is valid for "eda" options.
-
Read policy from stdin. Specify only one of the "edpmu" options when you use this option.
policy_dir
Load policy files from the policy_dir directory. Must start with / . Default is none if remote_ip:remote_port is specified, /etc/tomoyo/ otherwise.
remote_ip:remote_port
Send policy to agent listening at specified IP address and port number.
 

EXAMPLES

# echo "allow_read /proc/meminfo" | tomoyo-loadpolicy -e

Add "allow_read /proc/meminfo" to exception policy.

# echo "delete allow_read /proc/meminfo" | tomoyo-loadpolicy -e

Remove "allow_read /proc/meminfo" from exception policy.

# ( echo "<kernel>"; echo "allow_execute /sbin/init" ) | tomoyo-loadpolicy -d

Add "allow_execute /sbin/init" to "<kernel>" domain.

# tomoyo-loadpolicy df

Replace currently loaded domain policy with policy_dir/domain_policy.conf .

# tomoyo-loadpolicy d

Append policy_dir/domain_policy.conf into currently loaded domain policy.

# tomoyo-loadpolicy d /etc/tomoyo/192.168.1.1/ 192.168.1.1:10000

Append /etc/tomoyo/192.168.1.1/domain_policy.conf to the domain policy of the agent listening at 192.168.1.1:10000 .
 

NOTES


 You need to register either the path to this program ( /usr/sbin/tomoyo-loadpolicy ) or a domain for this program in /sys/kernel/security/tomoyo/manager before invoking this program.  
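
The option rules from DESCRIPTION and the manager requirement above, as a pre-flight check in POSIX sh. This is an added example, not part of tomoyo-tools: the function names check_loadpolicy_args and manager_has_path are hypothetical, and the manager file is assumed to hold one entry per line.

```shell
# Added example, not part of tomoyo-tools. Function names are hypothetical.

# check_loadpolicy_args OPTS [SRC]
#   OPTS: option letters, with or without "-" (e.g. "df", "-e")
#   SRC : "-" for stdin, a policy_dir, or empty for the default directory
# Prints "replace" or "append" and returns 0; prints a reason and returns 1.
check_loadpolicy_args() {
    opts=$1
    src=${2-}
    stdin=0
    case $opts in *-*) stdin=1 ;; esac           # "-e" form from EXAMPLES
    if [ "$src" = "-" ]; then stdin=1; fi        # separate "-" from SYNOPSIS
    letters=$(printf '%s' "$opts" | sed 's/-//g')

    case $letters in
        '')           echo "error: no policy type selected"; return 1 ;;
        *[!edafpmu]*) echo "error: unknown option in '$opts'"; return 1 ;;
    esac
    case $letters in
        *f*) case $letters in
                 *[eda]*) ;;
                 *) echo "error: f is only valid with e, d or a"; return 1 ;;
             esac ;;
    esac
    if [ "$stdin" -eq 1 ]; then
        types=$(printf '%s' "$letters" | sed 's/f//g')
        case $types in
            [edpmu]) ;;
            *) echo "error: stdin takes exactly one of e, d, p, m, u"; return 1 ;;
        esac
    elif [ -n "$src" ]; then
        case $src in
            /*) ;;
            *) echo "error: policy_dir must start with /"; return 1 ;;
        esac
    fi
    # Without f the on-disk rules are appended to the on-memory policy.
    case $letters in *f*) echo replace ;; *) echo append ;; esac
}

# manager_has_path MANAGER_FILE PROGRAM_PATH
# True when PROGRAM_PATH is a whole line of MANAGER_FILE (path form only;
# assumes one entry per line, does not detect registration by domain).
manager_has_path() {
    grep -qxF -- "$2" "$1"
}
```

An "append" result for a run that was meant to replace the loaded policy means entries removed from the on-disk file stay in the on-memory policy until f is used.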

AUTHORS


 penguin-kernel _at_ I-love.SAKURA.ne.jp  

COPYRIGHT

Copyright © 2005-2010 NTT DATA CORPORATION.

This program is free software; you may redistribute it under the terms of the GNU General Public License. This program has absolutely no warranty.  

SEE ALSO


 tomoyo-init (8)
 tomoyo-editpolicy-agent (8)


 


This document was created by man2html, using the manual pages.
Time: 22:02:31 GMT, April 16, 2011