Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

tomoyo-editpolicy(8) [debian man page]

TOMOYO-EDITPOLICY(8)					  System Administration Utilities				      TOMOYO-EDITPOLICY(8)

NAME
tomoyo-editpolicy - policy editor for TOMOYO Linux SYNOPSIS
tomoyo-editpolicy [options] tomoyo-editpolicy [options] [directory] tomoyo-editpolicy [options] [remote_ip:remote_port] DESCRIPTION
This program is the primary tool for policy management. It provides an ncurses interface for editing either policy saved to disk, or policy currently loaded into kernel memory. If no directory or remote address is specified, the policy loaded in kernel memory will be edited. Before this program can be invoked, you must register it in /sys/kernel/security/tomoyo/manager. After initializing policy, this is usually as simple as rebooting the system. OPTIONS
e Set initial screen to be the Exception Policy Editor. d Set initial screen to be the Domain Transition Editor [default]. p Set initial screen to be the Profile Editor. m Set initial screen to be the Manager Editor. s Set initial screen to be the Statistics. n Set initial screen to be the Namespace Selector. readonly Start the policy editor in browse-only mode. No editing is allowed. refresh=integer Refresh the screen automatically at the interval specified in seconds. directory Edit policy stored in the directory/policy/current/ directory, instead of the policy loaded in kernel memory. This must be the full path to the directory. remote_ip:remote_port Edit policy on a remote system via an agent waiting at port remote_port on IP address remote_ip. <namespace> Set initial namespace to be the <namespace> namespace [default="<kernel>"]. EXAMPLES
Start the policy editor tomoyo-editpolicy Edit policy stored in the "/etc/tomoyo/192.168.1.1/policy/current" directory tomoyo-editpolicy /etc/tomoyo/192.168.1.1/ Edit policy via an agent connecting to 192.168.1.1 at port 10000 tomoyo-editpolicy 192.168.1.1:10000 A usage guide with screenshots is available at <http://tomoyo.sourceforge.jp/2.5/tool-editpolicy.html>. BUGS
If you find any bugs, send an email to <tomoyo-users-en@lists.sourceforge.jp>. AUTHORS
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Main author. Jamie Nguyen <jamie@tomoyolinux.co.uk> Documentation and website. Yoshihiro Kusuno <yocto@users.sourceforge.jp> Line coloring feature. SEE ALSO
tomoyo-loadpolicy(8), tomoyo-editpolicy-agent(8) See <http://tomoyo.sourceforge.jp> for more information. tomoyo-tools 2.5.0 2012-04-14 TOMOYO-EDITPOLICY(8)

Check Out this Related Man Page

security_load_policy(3) 				     SELinux API documentation					   security_load_policy(3)

NAME
security_load_policy - load a new SELinux policy SYNOPSIS
#include <selinux/selinux.h> int security_load_policy(void *data, size_t len); int selinux_mkload_policy(int preservebools); int selinux_init_load_policy(int *enforce); DESCRIPTION
security_load_policy loads a new policy, returns 0 for success and -1 for error. selinux_mkload_policy makes a policy image and loads it. This function provides a higher level interface for loading policy than secu- rity_load_policy, internally determining the right policy version, locating and opening the policy file, mapping it into memory, manipulat- ing it as needed for current boolean settings and/or local definitions, and then calling security_load_policy to load it. preservebools is a boolean flag indicating whether current policy boolean values should be preserved into the new policy (if 1) or reset to the saved policy settings (if 0). The former case is the default for policy reloads, while the latter case is an option for policy reloads but is primarily used for the initial policy load. selinux_init_load_policy performs the initial policy load. This function determines the desired enforc- ing mode, sets the enforce argument accordingly for the caller to use, sets the SELinux kernel enforcing status to match it, and loads the policy. It also internally handles the initial selinuxfs mount required to perform these actions. It should also be noted that after the initial policy load, the SELinux kernel code cannot anymore be disabled and the selinuxfs cannot be unmounted using a call to security_disable(3). Therefore, after the initial policy load, the only operational changes are those permitted by setenforce(3) (i.e. eventually setting the framework in permissive mode rather than in enforcing one). RETURN VALUE
returns zero on success or -1 on error. AUTHOR
This manual page has been written by Guido Trentalancia <guido@trentalancia.com> SEE ALSO
selinux(8), security_disable(3), setenforce(1) guido@trentalancia.com 3 November 2009 security_load_policy(3)
Man Page

Featured Tech Videos