Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

tomoyo-savepolicy(8) [debian man page]

TOMOYO-SAVEPOLICY(8)					  System Administration Utilities				      TOMOYO-SAVEPOLICY(8)

NAME

       tomoyo-savepolicy - save TOMOYO Linux policy

SYNOPSIS

       tomoyo-savepolicy [directory]

       tomoyo-savepolicy [directory] [remote_ip:remote:port]

DESCRIPTION

       This program saves TOMOYO Linux policy onto disk from kernel memory.

       The directory /etc/tomoyo/policy/YY-MM-DD.hh:mm:ss is created with four files inside: domain_policy.conf, exception_policy.conf,
       profile.conf, and manager.conf. The symbolic links /etc/tomoyo/policy/previous and /etc/tomoyo/policy/current are updated to point to the
       previous and current YY-MM-DD.hh:mm:ss directories respectively.

       The following symbolic links should exist within the /etc/tomoyo directory:

	 domain_policy.conf -> policy/current/domain_policy.conf
	 exception_policy.conf -> policy/current/exception_policy.conf
	 profile.conf -> policy/current/profile.conf
	 manager.conf -> policy/current/manager.conf
	 policy/current -> policy/YY-MM-DD.hh:mm:ss
	 policy/previous -> policy/YY-MM-DD.hh:mm:ss

       You can therefore access the current policy files without having to descend into subdirectories, and without having to determine which
       YY-MM-DD.hh:mm:ss directory is the most recent.

       If the policy type is specified, this program works similar to cat(1).

OPTIONS

       -e  Print /sys/kernel/security/tomoyo/exception_policy to standard output.

       -d  Print /sys/kernel/security/tomoyo/domain_policy to standard output.

       -p  Print /sys/kernel/security/tomoyo/profile to standard output.

       -m  Print /sys/kernel/security/tomoyo/manager to standard output.

       -s  Print /sys/kernel/security/tomoyo/stat to standard output.

       directory
	   Save policy to an alternative directory, rather than the default /etc/tomoyo directory.

       remote_ip:remote_port
	   Save policy on a remote system via an agent waiting at port remote_port on IP address remote_ip.

EXAMPLES

       Save policy to disk
	     tomoyo-savepolicy

       Print "/sys/kernel/security/tomoyo/exception_policy" to standard output
	     tomoyo-savepolicy -e

       Retrieve policy from a remote system and save in a local directory
	     tomoyo-savepolicy /etc/tomoyo/192.168.1.1/ 192.168.1.1:10000

BUGS

       If you find any bugs, send an email to <tomoyo-users-en@lists.sourceforge.jp>.

AUTHORS

       Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
	   Main author.

       Jamie Nguyen <jamie@tomoyolinux.co.uk>
	   Documentation and website.

SEE ALSO

       tomoyo-editpolicy-agent(8), tomoyo-loadpolicy(8)

       See <http://tomoyo.sourceforge.jp> for more information.

tomoyo-tools 2.5.0						    2012-04-14						      TOMOYO-SAVEPOLICY(8)

Check Out this Related Man Page

TOMOYO-EDITPOLICY(8)					  System Administration Utilities				      TOMOYO-EDITPOLICY(8)

NAME

       tomoyo-editpolicy - policy editor for TOMOYO Linux

SYNOPSIS

       tomoyo-editpolicy [options]

       tomoyo-editpolicy [options] [directory]

       tomoyo-editpolicy [options] [remote_ip:remote_port]

DESCRIPTION

       This program is the primary tool for policy management. It provides an ncurses interface for editing either policy saved to disk, or policy
       currently loaded into kernel memory.

       If no directory or remote address is specified, the policy loaded in kernel memory will be edited.

       Before this program can be invoked, you must register it in /sys/kernel/security/tomoyo/manager. After initializing policy, this is usually
       as simple as rebooting the system.

OPTIONS

       e   Set initial screen to be the Exception Policy Editor.

       d   Set initial screen to be the Domain Transition Editor [default].

       p   Set initial screen to be the Profile Editor.

       m   Set initial screen to be the Manager Editor.

       s   Set initial screen to be the Statistics.

       n   Set initial screen to be the Namespace Selector.

       readonly
	   Start the policy editor in browse-only mode. No editing is allowed.

       refresh=integer
	   Refresh the screen automatically at the interval specified in seconds.

       directory
	   Edit policy stored in the directory/policy/current/ directory, instead of the policy loaded in kernel memory. This must be the full
	   path to the directory.

       remote_ip:remote_port
	   Edit policy on a remote system via an agent waiting at port remote_port on IP address remote_ip.

       <namespace>
	   Set initial namespace to be the <namespace> namespace [default="<kernel>"].

EXAMPLES

       Start the policy editor
	     tomoyo-editpolicy

       Edit policy stored in the "/etc/tomoyo/192.168.1.1/policy/current" directory
	     tomoyo-editpolicy /etc/tomoyo/192.168.1.1/

       Edit policy via an agent connecting to 192.168.1.1 at port 10000
	     tomoyo-editpolicy 192.168.1.1:10000

       A usage guide with screenshots is available at <http://tomoyo.sourceforge.jp/2.5/tool-editpolicy.html>.

BUGS

       If you find any bugs, send an email to <tomoyo-users-en@lists.sourceforge.jp>.

AUTHORS

       Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
	   Main author.

       Jamie Nguyen <jamie@tomoyolinux.co.uk>
	   Documentation and website.

       Yoshihiro Kusuno <yocto@users.sourceforge.jp>
	   Line coloring feature.

SEE ALSO

       tomoyo-loadpolicy(8), tomoyo-editpolicy-agent(8)

       See <http://tomoyo.sourceforge.jp> for more information.

tomoyo-tools 2.5.0						    2012-04-14						      TOMOYO-EDITPOLICY(8)
Man Page