1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
#! /bin/sh
if [ "$1" = "--version" ]
then
cat << EOF
ccs-loadpolicy 1.7.2
Copyright (C) 2005-2010 NTT DATA CORPORATION.
This program is free software; you may redistribute it under the terms of
the GNU General Public License. This program has absolutely no warranty.
EOF
elif [ "$1" = "--help" ]
then
cat << EOF
Usage: ccs-loadpolicy [e][d][a][f][p][m][u] [{-|policy_dir} [remote_ip:remote_port]]
This program loads TOMOYO Linux's policy from files or standard input into kernel.
e Load exception policy. ( policy_dir/exception_policy.conf => /proc/ccs/exception_policy )
d Load domain policy. ( policy_dir/domain_policy.conf => /proc/ccs/domain_policy )
a Load exception policy and domain policy.
p Load profile. ( policy_dir/profile.conf => /proc/ccs/profile )
m Load manager. ( policy_dir/manager.conf => /proc/ccs/manager )
u Load meminfo. ( policy_dir/meminfo.conf => /proc/ccs/meminfo )
f Erase on-memory policy before loading on-disk policy. If not specified, on-disk policy is appended to on-memory policy.
This option is valid for "eda" options.
- Read policy from stdin. Specify only one of "edpmu" option when you use this option.
policy_dir Load policy files from policy_dir directory. Must starts with / .
Default is none if remote_ip:remote_port is specified, /etc/ccs/ otherwise.
remote_ip:remote_port Send policy to agent listening at specified IP address and port number.
Examples:
# echo "allow_read /proc/meminfo" | ccs-loadpolicy -e
Add "allow_read /proc/meminfo" to exception policy.
# echo "delete allow_read /proc/meminfo" | ccs-loadpolicy -e
Remove "allow_read /proc/meminfo" from exception policy.
# ( echo "<kernel>"; echo "allow_execute /sbin/init" ) | ccs-loadpolicy -d
Add "allow_execute /sbin/init" to "<kernel>" domain.
# ccs-loadpolicy df
Replace currently loaded domain policy with policy_dir/domain_policy.conf .
# ccs-loadpolicy d
Append policy_dir/domain_policy.conf into currently loaded domain policy.
# ccs-loadpolicy d /etc/ccs/192.168.1.1/ 192.168.1.1:10000
Append /etc/ccs/192.168.1.1/domain_policy.conf to 192.168.11.1:10000 .
EOF
else
cat << EOF | help2man -i - -N -s 8 -n "Load TOMOYO Linux's policy manually" $0 | gzip -9 > man8/ccs-loadpolicy.8.gz
[SEE ALSO]
ccs-init (8)
ccs-editpolicy-agent (8)
[NOTES]
You need to register either path to this program ( /usr/sbin/ccs-loadpolicy ) or a domain for this program in /proc/ccs/manager before invoking this program.
[AUTHORS]
penguin-kernel _at_ I-love.SAKURA.ne.jp
EOF
fi
exit 0
|
