NAME

ccs-loadpolicy - load TOMOYO Linux manually

SYNOPSIS

ccs-loadpolicy [option]

ccs-loadpolicy [option] [remote_ip:remote_port]

DESCRIPTION

This program reads TOMOYO Linux policy from standard input and loads it into the kernel.

OPTIONS

-e

Append to /proc/ccs/exception_policy.

-ef

Overwrite /proc/ccs/exception_policy.

-d

Append to /proc/ccs/domain_policy.

-df

Overwrite /proc/ccs/domain_policy.

-m

Append to /proc/ccs/manager.

-p

Append to /proc/ccs/profile.

-s

Append to /proc/ccs/stat.

remote_ip:remote_port

Write to policy on a remote system via an agent waiting at port remote_port on IP address remote_ip.

EXAMPLES

Append a line to exception policy

  echo "acl_group 0 file read proc:/meminfo" | ccs-loadpolicy -e

Remove a line from exception policy

  echo "delete acl_group 0 file read proc:/meminfo" | ccs-loadpolicy -e

Append a line to domain policy

  ( echo "<kernel>"; echo "file execute /sbin/init" ) | ccs-loadpolicy -d

Replace currently loaded domain policy

  ccs-loadpolicy -df < /etc/ccs/domain_policy.conf

Append to policy remotely

  ccs-loadpolicy -d 192.168.1.1:10000 < /etc/ccs/192.168.1.1/domain_policy.conf

Remove a line from /proc/ccs/manager

  echo "delete /usr/sbin/ccs-queryd" | ccs-loadpolicy -m

BUGS

If you find any bugs, send an email to <tomoyo-users-en@lists.osdn.me>.

AUTHORS

Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>

Main author.

Jamie Nguyen <jamie@tomoyolinux.co.uk>

Documentation and website.

SEE ALSO

ccs-savepolicy(8), ccs-editpolicy(8), ccs-editpolicy-agent(8), ccs-init(8)

See <https://tomoyo.sourceforge.net> for more information.