TOMOYO-LOADPOLICY(8) | System Administration Utilities | TOMOYO-LOADPOLICY(8) |
NAME¶
tomoyo-loadpolicy - load TOMOYO Linux manually
SYNOPSIS¶
tomoyo-loadpolicy [option]
tomoyo-loadpolicy [option] [remote_ip:remote_port]
DESCRIPTION¶
This program reads TOMOYO Linux policy from standard input and loads it into the kernel.
OPTIONS¶
- -e
- Append to /sys/kernel/security/tomoyo/exception_policy.
- -ef
- Overwrite /sys/kernel/security/tomoyo/exception_policy.
- -d
- Append to /sys/kernel/security/tomoyo/domain_policy.
- -df
- Overwrite /sys/kernel/security/tomoyo/domain_policy.
- -m
- Append to /sys/kernel/security/tomoyo/manager.
- -p
- Append to /sys/kernel/security/tomoyo/profile.
- -s
- Append to /sys/kernel/security/tomoyo/stat.
- remote_ip:remote_port
- Write to policy on a remote system via an agent waiting at port remote_port on IP address remote_ip.
EXAMPLES¶
- Append a line to exception policy
-
echo "acl_group 0 file read proc:/meminfo" | tomoyo-loadpolicy -e
- Remove a line from exception policy
-
echo "delete acl_group 0 file read proc:/meminfo" | tomoyo-loadpolicy -e
- Append a line to domain policy
-
( echo "<kernel>"; echo "file execute /sbin/init" ) | tomoyo-loadpolicy -d
- Replace currently loaded domain policy
-
tomoyo-loadpolicy -df < /etc/tomoyo/domain_policy.conf
- Append to policy remotely
-
tomoyo-loadpolicy -d 192.168.1.1:10000 < /etc/tomoyo/192.168.1.1/domain_policy.conf
- Remove a line from "/sys/kernel/security/tomoyo/manager"
-
echo "delete /usr/sbin/tomoyo-queryd" | tomoyo-loadpolicy -m
BUGS¶
If you find any bugs, send an email to <tomoyo-users-en@lists.osdn.me>.
AUTHORS¶
- Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
- Main author.
- Jamie Nguyen <jamie@tomoyolinux.co.uk>
- Documentation and website.
SEE ALSO¶
tomoyo-savepolicy(8), tomoyo-editpolicy(8), tomoyo-editpolicy-agent(8), tomoyo-init(8)
See <https://tomoyo.osdn.jp> for more information.
2019-02-05 | tomoyo-tools 2.6.0 |