ccs-queryd - Handle TOMOYO Linux’s delayed enforcing mode
This program detects policy violation in enforcing mode and displays
the access request. You can tell the system whether the access request
should be granted (or granted and policy should be appended to grant
the access request) or rejected after you validate the access request.
By running this program while updating packages, you can avoid errors
due to insufficient permissions.
Never grant access requests unconditionally. The cause of policy
violation is not always updating packages, but may by malicious
requests by attackers. If you grant access requests caused by malicious
requests by attackers, the system gets intruded.
If you don’t give --no-update option, this program also detects
pathname changes of globally readable files. If you give --ask-update
option, this program asks you whether or not to append created
pathnames which are registered in /etc/ld.so.cache to globally readable
files, and asks you whether or not to remove deleted pathnames from
globally readable files. If you omit options, this program
automatically appends created pathnames which are registered in
/etc/ld.so.cache to globally readable files, and automatically removes
deleted pathnames from globally readable files.
By running this program without --no-update option, you can avoid
errors like "unable to start applications because shared libraries are
unreadable" when the pathnames of shared libraries accessed by general
programs has changed.
Receive policy from agent listening at specified IP address and
Handle local query.
# ccs-queryd 192.168.1.1:10000
Handle remote query via agent listening at 192.168.1.1:10000 .
Usage is available at http://tomoyo.sourceforge.jp/1.7/enforcing.html
You need to register either path to this program ( /usr/sbin/ccs-
queryd ) or a domain for this program in /proc/ccs/manager before
invoking this program.
penguin-kernel _at_ I-love.SAKURA.ne.jp
Copyright © 2005-2010 NTT DATA CORPORATION.
This program is free software; you may redistribute it under the terms
of the GNU General Public License. This program has absolutely no