NAME

init_policy - initialize TOMOYO Linux policy

SYNOPSIS

init_policy [option]

DESCRIPTION

This program generates templates for all policy files. However, the output should be reviewed because automatically generated exception policy may contain dangerous or redundant entries.

This program only needs to be run once.

OPTIONS

--file-only-profile

Create profiles with only file-related functionality enabled.

--full-profile

Create profiles with all functionality enabled. [default]

--use_profile=integer

Set the default profile number for the "<kernel>" domain to the specified integer, which must be between 0 and 255. [default=0]

--use_group=integer

Set the default group number for the "<kernel>" domain to the specified integer, which must be between 0 and 255. [default=0]

--max_audit_log=integer

Set the default maximal audit log entries that the kernel will spool in the /proc/ccs/audit interface. This value must be an integer, and can be set to 0 if audit logs are not required. Maximum memory used can also be controlled via the /proc/ccs/stat interface. [default=1024]

--max_learning_entry=integer

Set the default maximum number of ACL entries automatically added to each domain by the kernel when using learning mode. This value must be an integer, and can be set to o if you do not need learning mode. Maximum memory used can also be controlled using the /proc/ccs/stat interface.

--enforcing_penalty=integer

Set the default penalty for enforcing mode to the specified integer. This will force a process to sleep the specified number of deciseconds (1 decisecond = 0.1 second). This is useful to prevent CPU consumption issues by processes that rapidly repeat many access requests. [default=0]

--grant_log=value

Set whether grant logs should be audited. This value can either be yes or no. [default=no]

--reject_log=value

Set whether reject logs should be audited. This value can either be yes or no. [default=yes]

--module_name=value

Set the module name. This option is required when initializing policy for use with the AKARI module, in which case this value should be set to akari. [default=ccsecurity]

EXAMPLES

Initialize policy

  /usr/lib/ccs/init_policy

BUGS

If you find any bugs, send an email to <tomoyo-users-en@lists.osdn.me>.

AUTHORS

Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>

Main author.

Jamie Nguyen <jamie@tomoyolinux.co.uk>

Documentation and website.

Naohiro Aoto <naoto@namazu.org>

Bug fix for 64bit Gentoo.

SEE ALSO

ccs-init(8)

See <https://tomoyo.sourceforge.net> for more information.