NAME

       ccs-queryd - Handle TOMOYO Linux’s delayed enforcing mode

SYNOPSIS

       ccs-queryd [--no-update|--ask-update|remote_ip:remote_port]

DESCRIPTION

       This program detects policy violations in enforcing mode and displays
       each access request. After you validate the access request, you can
       tell the system whether it should be granted (or granted with policy
       appended to grant the access request) or rejected.

       By  running  this program while updating packages, you can avoid errors
       due to insufficient permissions.

       Never grant access requests unconditionally. The cause of a policy
       violation is not always a package update; it may be a malicious
       request by an attacker. If you grant access requests caused by
       malicious requests by attackers, the system will be compromised.

       Unless you give the --no-update option, this program also detects
       pathname changes of globally readable files. If you give the
       --ask-update option, this program asks you whether or not to append
       created pathnames which are registered in /etc/ld.so.cache to globally
       readable files, and asks you whether or not to remove deleted
       pathnames from globally readable files. If you omit options, this
       program automatically appends created pathnames which are registered
       in /etc/ld.so.cache to globally readable files, and automatically
       removes deleted pathnames from globally readable files.

       By running this program without the --no-update option, you can avoid
       errors like "unable to start applications because shared libraries are
       unreadable" when the pathnames of shared libraries accessed by general
       programs have changed.

       remote_ip:remote_port
              Receive policy from agent listening at specified IP address  and
              port number.

EXAMPLES

       # ccs-queryd

              Handle local query.

       # ccs-queryd 192.168.1.1:10000

              Handle remote query via agent listening at 192.168.1.1:10000.

       Usage is available at http://tomoyo.sourceforge.jp/1.7/enforcing.html

NOTES

       You need to register either the path to this program
       (/usr/sbin/ccs-queryd) or a domain for this program in
       /proc/ccs/manager before invoking this program.
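
       A preflight check for the registration requirement above, as an added
       example that is not part of ccs-tools or of the original man page. It
       assumes the manager list holds one entry per line, either a program
       pathname or a domain name beginning with <kernel>; the function name
       manager_entry_for and the sample entries are constructed.

```shell
#!/bin/sh
# Added example, not ccs-tools code.
# Assumption: each line of the manager list is either a program pathname
# or a domain name that begins with "<kernel>".

# manager_entry_for FILE PROGRAM
# Prints "path" if PROGRAM is listed by pathname, "domain" if a listed
# domain ends in PROGRAM, "none" if neither (status 1), or "unreadable"
# if FILE cannot be read (status 2).
manager_entry_for() {
    mgr_file=$1
    prog=$2
    [ -r "$mgr_file" ] || { echo unreadable; return 2; }
    result=none
    # The "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            "$prog")
                # Exact pathname entry: strongest match, stop looking.
                result=path
                break ;;
            "<kernel> $prog"|"<kernel> "*" $prog")
                # Domain whose last component is PROGRAM.
                result=domain ;;
        esac
    done < "$mgr_file"
    echo "$result"
    [ "$result" != none ]
}

# Constructed sample manager list (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
/usr/sbin/ccs-editpolicy
<kernel> /usr/sbin/sshd /bin/bash /usr/sbin/ccs-queryd
EOF
manager_entry_for "$sample" /usr/sbin/ccs-queryd || true     # domain
manager_entry_for "$sample" /usr/sbin/ccs-loadpolicy || true # none
rm -f "$sample"
```

       On a system running TOMOYO, pass /proc/ccs/manager as FILE. A "domain"
       result shows which entry authorizes the program, which is worth
       reviewing because any process in that domain may answer queries.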

AUTHORS

        penguin-kernel _at_ I-love.SAKURA.ne.jp

COPYRIGHT

       Copyright © 2005-2010 NTT DATA CORPORATION.

       This  program is free software; you may redistribute it under the terms
       of the GNU General Public  License.  This  program  has  absolutely  no
       warranty.

SEE ALSO

        ccs-editpolicy-agent (8)