Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

tomoyo-editpolicy(8) [debian man page]

TOMOYO-EDITPOLICY(8)					  System Administration Utilities				      TOMOYO-EDITPOLICY(8)

NAME

       tomoyo-editpolicy - policy editor for TOMOYO Linux

SYNOPSIS

       tomoyo-editpolicy [options]

       tomoyo-editpolicy [options] [directory]

       tomoyo-editpolicy [options] [remote_ip:remote_port]

DESCRIPTION

       This program is the primary tool for policy management. It provides an ncurses interface for editing either policy saved to disk, or policy
       currently loaded into kernel memory.

       If no directory or remote address is specified, the policy loaded in kernel memory will be edited.

       Before this program can be invoked, you must register it in /sys/kernel/security/tomoyo/manager. After initializing policy, this is usually
       as simple as rebooting the system.

OPTIONS

       e   Set initial screen to be the Exception Policy Editor.

       d   Set initial screen to be the Domain Transition Editor [default].

       p   Set initial screen to be the Profile Editor.

       m   Set initial screen to be the Manager Editor.

       s   Set initial screen to be the Statistics.

       n   Set initial screen to be the Namespace Selector.

       readonly
	   Start the policy editor in browse-only mode. No editing is allowed.

       refresh=integer
	   Refresh the screen automatically at the interval specified in seconds.

       directory
	   Edit policy stored in the directory/policy/current/ directory, instead of the policy loaded in kernel memory. This must be the full
	   path to the directory.

       remote_ip:remote_port
	   Edit policy on a remote system via an agent waiting at port remote_port on IP address remote_ip.

       <namespace>
	   Set initial namespace to be the <namespace> namespace [default="<kernel>"].

EXAMPLES

       Start the policy editor
	     tomoyo-editpolicy

       Edit policy stored in the "/etc/tomoyo/192.168.1.1/policy/current" directory
	     tomoyo-editpolicy /etc/tomoyo/192.168.1.1/

       Edit policy via an agent connecting to 192.168.1.1 at port 10000
	     tomoyo-editpolicy 192.168.1.1:10000

       A usage guide with screenshots is available at <http://tomoyo.sourceforge.jp/2.5/tool-editpolicy.html>.

BUGS

       If you find any bugs, send an email to <tomoyo-users-en@lists.sourceforge.jp>.

AUTHORS

       Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
	   Main author.

       Jamie Nguyen <jamie@tomoyolinux.co.uk>
	   Documentation and website.

       Yoshihiro Kusuno <yocto@users.sourceforge.jp>
	   Line coloring feature.

SEE ALSO

       tomoyo-loadpolicy(8), tomoyo-editpolicy-agent(8)

       See <http://tomoyo.sourceforge.jp> for more information.

tomoyo-tools 2.5.0						    2012-04-14						      TOMOYO-EDITPOLICY(8)

Check Out this Related Man Page

INIT_POLICY(8)						  System Administration Utilities					    INIT_POLICY(8)

NAME

       init_policy - initialize TOMOYO Linux policy

SYNOPSIS

       init_policy [option]

DESCRIPTION

       This program generates templates for all policy files. However, the output should be reviewed because automatically generated exception
       policy may contain dangerous or redundant entries.

       This program only needs to be run once.

OPTIONS

       --file-only-profile
	   Create profiles with only file-related functionality enabled.

       --full-profile
	   Create profiles with all functionality enabled. [default]

       --use_profile=integer
	   Set the default profile number for the "<kernel>" domain to the specified integer, which must be between 0 and 255. [default=0]

       --use_group=integer
	   Set the default group number for the "<kernel>" domain to the specified integer, which must be between 0 and 255. [default=0]

       --max_audit_log=integer
	   Set the default maximal audit log entries that the kernel will spool in the /sys/kernel/security/tomoyo/audit interface. This value
	   must be an integer, and can be set to 0 if audit logs are not required. Maximum memory used can also be controlled via the
	   /sys/kernel/security/tomoyo/stat interface. [default=1024]

       --max_learning_entry=integer
	   Set the default maximum number of ACL entries automatically added to each domain by the kernel when using learning mode. This value
	   must be an integer, and can be set to o if you do not need learning mode. Maximum memory used can also be controlled using the
	   /sys/kernel/security/tomoyo/stat interface.

       --grant_log=value
	   Set whether grant logs should be audited. This value can either be "yes" or "no". [default=no]

       --reject_log=value
	   Set whether reject logs should be audited. This value can either be "yes" or "no". [default=yes]

EXAMPLES

       Initialize policy
	     /usr/lib/tomoyo/init_policy

BUGS

       If you find any bugs, send an email to <tomoyo-users-en@lists.sourceforge.jp>.

AUTHORS

       Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
	   Main author.

       Jamie Nguyen <jamie@tomoyolinux.co.uk>
	   Documentation and website.

       Naohiro Aoto <naoto@namazu.org>
	   Bug fix for 64bit Gentoo.

SEE ALSO

       tomoyo-init(8)

       See <http://tomoyo.sourceforge.jp> for more information.

tomoyo-tools 2.5.0						    2012-04-14							    INIT_POLICY(8)
Man Page