tomoyo-queryd(8) [debian man page]
TOMOYO-QUERYD(8) System Administration Utilities TOMOYO-QUERYD(8) NAME
tomoyo-queryd - real-time access request management utility for TOMOYO Linux SYNOPSIS
tomoyo-queryd tomoyo-queryd [remote_ip:remote_port] DESCRIPTION
This program detects policy violations that occur in domains set to enforcing mode. The violation is displayed and a number of options are given to either grant or reject this request. Programs are frozen until a response is provided by the administrator. This is useful when upgrading packages on the system, as errors due to changes in permissions can be avoided. Carefully analyze access requests before you grant them, as they could be coming from a compromised process or malicious attacker. Before this program can be invoked, you must register it in /sys/kernel/security/tomoyo/manager. After initializing policy, this is usually as simple as rebooting the system. OPTIONS
remote_ip:remote_port Instead of managing local policy violations, manage remote policy via an agent waiting at port remote_port on IP address remote_ip. EXAMPLES
Handle policy violations on the local system tomoyo-queryd Handle policy violations on a remote system tomoyo-queryd 192.168.1.1:10000 BUGS
If you find any bugs, send an email to <tomoyo-users-en@lists.sourceforge.jp>. AUTHORS
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Main author. Jamie Nguyen <jamie@tomoyolinux.co.uk> Documentation and website. SEE ALSO
tomoyo-editpolicy-agent(8), tomoyo-notifyd(8) See <http://tomoyo.sourceforge.jp> for more information. tomoyo-tools 2.5.0 2012-04-14 TOMOYO-QUERYD(8)
Check Out this Related Man Page
TOMOYO-LOADPOLICY(8) System Administration Utilities TOMOYO-LOADPOLICY(8) NAME
tomoyo-loadpolicy - load TOMOYO Linux manually SYNOPSIS
tomoyo-loadpolicy [option] tomoyo-loadpolicy [option] [remote_ip:remote_port] DESCRIPTION
This program reads TOMOYO Linux policy from standard input and loads it into the kernel. OPTIONS
-e Append to /sys/kernel/security/tomoyo/exception_policy. -ef Overwrite /sys/kernel/security/tomoyo/exception_policy. -d Append to /sys/kernel/security/tomoyo/domain_policy. -df Overwrite /sys/kernel/security/tomoyo/domain_policy. -m Append to /sys/kernel/security/tomoyo/manager. -p Append to /sys/kernel/security/tomoyo/profile. -s Append to /sys/kernel/security/tomoyo/stat. remote_ip:remote_port Write to policy on a remote system via an agent waiting at port remote_port on IP address remote_ip. EXAMPLES
Append a line to exception policy echo "acl_group 0 file read proc:/meminfo" | tomoyo-loadpolicy -e Remove a line from exception policy echo "delete acl_group 0 file read proc:/meminfo" | tomoyo-loadpolicy -e Append a line to domain policy ( echo "<kernel>"; echo "file execute /sbin/init" ) | tomoyo-loadpolicy -d Replace currently loaded domain policy tomoyo-loadpolicy -df < /etc/tomoyo/domain_policy.conf Append to policy remotely tomoyo-loadpolicy -d 192.168.1.1:10000 < /etc/tomoyo/192.168.1.1/domain_policy.conf Remove a line from "/sys/kernel/security/tomoyo/manager" echo "delete /usr/sbin/tomoyo-queryd" | tomoyo-loadpolicy -m BUGS
If you find any bugs, send an email to <tomoyo-users-en@lists.sourceforge.jp>. AUTHORS
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Main author. Jamie Nguyen <jamie@tomoyolinux.co.uk> Documentation and website. SEE ALSO
tomoyo-savepolicy(8), tomoyo-editpolicy(8), tomoyo-editpolicy-agent(8), tomoyo-init(8) See <http://tomoyo.sourceforge.jp> for more information. tomoyo-tools 2.5.0 2012-04-14 TOMOYO-LOADPOLICY(8)