
NAME

       tomoyo-loadpolicy - Load TOMOYO Linux’s policy manually

SYNOPSIS

       tomoyo-loadpolicy [e][d][a][f][p][m][u] [{-|policy_dir}
       [remote_ip:remote_port]]

DESCRIPTION

       This program loads TOMOYO Linux’s policy from files or standard input
       into the kernel.

       e      Load exception policy.
              ( policy_dir/exception_policy.base +
              policy_dir/exception_policy.conf =>
              /sys/kernel/security/tomoyo/exception_policy )

       d      Load domain policy.
              ( policy_dir/domain_policy.base +
              policy_dir/domain_policy.conf =>
              /sys/kernel/security/tomoyo/domain_policy )

       a      Load exception policy and domain policy.

       p      Load profile.
              ( policy_dir/profile.base + policy_dir/profile.conf =>
              /sys/kernel/security/tomoyo/profile )

       m      Load manager.
              ( policy_dir/manager.base + policy_dir/manager.conf =>
              /sys/kernel/security/tomoyo/manager )

       u      Load meminfo.
              ( policy_dir/meminfo.base + policy_dir/meminfo.conf =>
              /sys/kernel/security/tomoyo/meminfo )

       f      Erase on-memory policy before loading on-disk policy. If not
              specified, on-disk policy is appended to on-memory policy. This
              option is valid for "eda" options.

       -      Read policy from stdin. Specify only one of the "edpmu" options
              when you use this option.

       policy_dir
              Load policy files from the policy_dir directory. Must start
              with / .

       remote_ip:remote_port
              Send policy to agent listening at specified IP address and  port
              number.

EXAMPLES

       # echo "allow_read /proc/meminfo" | tomoyo-loadpolicy -e

              Add "allow_read /proc/meminfo" to exception policy.

       # echo "delete allow_read /proc/meminfo" | tomoyo-loadpolicy -e

              Remove "allow_read /proc/meminfo" from exception policy.

       # ( echo "<kernel>"; echo "allow_execute /sbin/init" ) | tomoyo-loadpolicy -d

              Add "allow_execute /sbin/init" to "<kernel>" domain.

       # tomoyo-loadpolicy df

              Replace currently loaded domain policy with
              policy_dir/domain_policy.base + policy_dir/domain_policy.conf .

       # tomoyo-loadpolicy d

              Append policy_dir/domain_policy.base +
              policy_dir/domain_policy.conf into currently loaded domain
              policy.

       # tomoyo-loadpolicy d /etc/tomoyo/192.168.1.1/ 192.168.1.1:10000

              Append /etc/tomoyo/192.168.1.1/domain_policy.base +
              /etc/tomoyo/192.168.1.1/domain_policy.conf to
              192.168.1.1:10000 .
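
       An added example, not part of the original manual page or the TOMOYO
       tools: a dry-run shell helper that checks an invocation against the
       option rules in DESCRIPTION and prints which files would feed which
       kernel interface. The function name plan_loadpolicy, its split argument
       form and the file-permission warning are assumptions of this example.

```shell
# Added example (hypothetical helper, not part of the TOMOYO tools): dry-run
# check of tomoyo-loadpolicy arguments against the rules in DESCRIPTION.
TOMOYO_SYSFS=/sys/kernel/security/tomoyo   # interface directory from the page
# plan_loadpolicy OPTS [-|POLICY_DIR]; OPTS may carry "-" itself, as in "-e".
plan_loadpolicy() {
    opts=${1:-}; src=${2:-}; stdin=0
    case $opts in *-*) stdin=1 ;; esac
    case $src in -) stdin=1 ;; esac
    letters=$(printf '%s' "$opts" | sed 's/-//g')
    case $letters in
        ''|*[!edafpmu]*) echo "invalid option string: $opts" >&2; return 2 ;;
    esac
    # "f" (erase before loading) is documented for e, d and a only.
    case $letters in
        *[eda]*) ;;
        *f*) echo "f requires e, d or a" >&2; return 2 ;;
    esac
    if [ "$stdin" -eq 1 ]; then
        # stdin mode: exactly one of e, d, p, m, u (f may accompany e or d).
        case $(printf '%s' "$letters" | sed 's/f//g') in
            [edpmu]) ;;
            *) echo "stdin mode takes exactly one of e, d, p, m, u" >&2; return 2 ;;
        esac
    else
        case $src in /*) ;; *) echo "policy_dir must start with /" >&2; return 2 ;; esac
    fi
    case $letters in *a*) letters="${letters}ed" ;; esac   # a = e + d
    dir=${src%/}
    for pair in e:exception_policy d:domain_policy p:profile m:manager u:meminfo; do
        key=${pair%%:*}; name=${pair#*:}
        case $letters in *"$key"*) ;; *) continue ;; esac
        # Assumption: p, m and u are shown as "append" since f is not documented for them.
        mode=append
        case $key$letters in [ed]*f*) mode=replace ;; esac
        if [ "$stdin" -eq 1 ]; then
            echo "$mode: stdin => $TOMOYO_SYSFS/$name"
            continue
        fi
        echo "$mode: $dir/$name.base + $dir/$name.conf => $TOMOYO_SYSFS/$name"
        # Flag sources that group or others can rewrite before the next load.
        for f in "$dir/$name.base" "$dir/$name.conf"; do
            if [ -n "$(find -L "$f" \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
                echo "WARN: $f is group- or world-writable"
            fi
        done
    done
    return 0
}
```

       The helper only prints a plan; it never writes to
       /sys/kernel/security/tomoyo.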

NOTES

       You need to register either path to this program
       ( /usr/sbin/tomoyo-loadpolicy ) or a domain for this program in
       /sys/kernel/security/tomoyo/manager before invoking this program.

AUTHORS

        penguin-kernel _at_ I-love.SAKURA.ne.jp

COPYRIGHT

       Copyright © 2005-2009 NTT DATA CORPORATION.

       This program is free software; you may redistribute it under the  terms
       of  the  GNU  General  Public  License.  This program has absolutely no
       warranty.

SEE ALSO

        tomoyo-init (8)
        tomoyo-editpolicy-agent (8)