NAME¶

tomoyo-loadpolicy - load TOMOYO Linux manually

SYNOPSIS¶

tomoyo-loadpolicy [option] tomoyo-loadpolicy [option] [remote_ip:remote_port]

DESCRIPTION¶

This program reads TOMOYO Linux policy from standard input and loads it into the kernel.

OPTIONS¶

-e

Append to /sys/kernel/security/tomoyo/exception_policy.

-ef

Overwrite /sys/kernel/security/tomoyo/exception_policy.

-d

Append to /sys/kernel/security/tomoyo/domain_policy.

-df

Overwrite /sys/kernel/security/tomoyo/domain_policy.

-m

Append to /sys/kernel/security/tomoyo/manager.

-p

Append to /sys/kernel/security/tomoyo/profile.

-s

Append to /sys/kernel/security/tomoyo/stat.

remote_ip:remote_port

Write to policy on a remote system via an agent waiting at port remote_port on IP address remote_ip.

EXAMPLES¶

Append a line to exception policy

  echo "acl_group 0 file read proc:/meminfo" | tomoyo-loadpolicy -e
    

Remove a line from exception policy

  echo "delete acl_group 0 file read proc:/meminfo" | tomoyo-loadpolicy -e
    

Append a line to domain policy

  ( echo "<kernel>"; echo "file execute /sbin/init" ) | tomoyo-loadpolicy -d
    

Replace currently loaded domain policy

  tomoyo-loadpolicy -df < /etc/tomoyo/domain_policy.conf
    

Append to policy remotely

  tomoyo-loadpolicy -d 192.168.1.1:10000 < /etc/tomoyo/192.168.1.1/domain_policy.conf
    

Remove a line from "/sys/kernel/security/tomoyo/manager"

  echo "delete /usr/sbin/tomoyo-queryd" | tomoyo-loadpolicy -m
    

BUGS¶

If you find any bugs, send an email to <tomoyo-users-en@lists.sourceforge.jp>.

AUTHORS¶

Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>

Main author.

Jamie Nguyen <jamie@tomoyolinux.co.uk>

Documentation and website.

SEE ALSO¶

tomoyo-savepolicy(8), tomoyo-editpolicy(8), tomoyo-editpolicy-agent(8), tomoyo-init(8) See <http://tomoyo.sourceforge.jp> for more information.