tomoyo-loadpolicy (8)

tomoyo-loadpolicy [option]

tomoyo-loadpolicy [option] [remote_ip:remote_port]

This program reads \s-1TOMOYO\s0 Linux policy from standard input and loads it into the kernel.

-e

Append to /sys/kernel/security/tomoyo/exception_policy.

-ef

Overwrite /sys/kernel/security/tomoyo/exception_policy.

-d

Append to /sys/kernel/security/tomoyo/domain_policy.

-df

Overwrite /sys/kernel/security/tomoyo/domain_policy.

-m

Append to /sys/kernel/security/tomoyo/manager.

-p

Append to /sys/kernel/security/tomoyo/profile.

-s

Append to /sys/kernel/security/tomoyo/stat.

remote_ip:remote_port

Write to policy on a remote system via an agent waiting at port remote_port on \s-1IP\s0 address remote_ip.

Append a line to exception policy

  echo "acl_group 0 file read proc:/meminfo" | tomoyo-loadpolicy -e

Remove a line from exception policy

echo "delete acl_group 0 file read proc:/meminfo" | tomoyo-loadpolicy -e

Append a line to domain policy

( echo "<kernel>"; echo "file execute /sbin/init" ) | tomoyo-loadpolicy -d

Replace currently loaded domain policy

tomoyo-loadpolicy -df < /etc/tomoyo/domain_policy.conf

Append to policy remotely

tomoyo-loadpolicy -d 192.168.1.1:10000 < /etc/tomoyo/192.168.1.1/domain_policy.conf echo "delete /usr/sbin/tomoyo-queryd" | tomoyo-loadpolicy -m

If you find any bugs, send an email to <[email protected]>.

Tetsuo Handa <[email protected]>

Main author.

Jamie Nguyen <[email protected]>

Documentation and website.

tomoyo-savepolicy(8), tomoyo-editpolicy(8), tomoyo-editpolicy-agent(8), tomoyo-init(8)

See <http://tomoyo.sourceforge.jp> for more information.