Provided by: tomoyo-tools_2.4.0-20111025-3_amd64 bug

NAME

       tomoyo-loadpolicy - load TOMOYO Linux policy manually

SYNOPSIS

       tomoyo-loadpolicy [options]

       tomoyo-loadpolicy [options] <remote_ip:remote_port>

DESCRIPTION

       This program reads TOMOYO Linux policy from standard input and loads it into the kernel.

OPTIONS

       -e
           Append to /sys/kernel/security/tomoyo/tomoyo/exception_policy.

       -ef
           Overwrite to /sys/kernel/security/tomoyo/tomoyo/exception_policy.

       -d
           Append to /sys/kernel/security/tomoyo/tomoyo/domain_policy.

       -df
           Overwrite to /sys/kernel/security/tomoyo/tomoyo/domain_policy.

       -m
           Append to /sys/kernel/security/tomoyo/tomoyo/manager.

       -p
           Append to /sys/kernel/security/tomoyo/tomoyo/profile.

       -s
           Append to /sys/kernel/security/tomoyo/tomoyo/stat.

       <remote_ip:remote_port>
           Instead  of  writing  to  local  kernel  memory,  write  to  an  agent waiting at port
           <remote_port> on IP address <remote_ip>.

EXAMPLES

       Add "file read proc:/meminfo" to acl_group 0:
       echo "acl_group 0 file read proc:/meminfo" | tomoyo-loadpolicy -e

       Remove "file read proc:/meminfo" from acl_group 0:
       echo "delete acl_group 0 file read proc:/meminfo" | tomoyo-loadpolicy -e

       Add "file execute /sbin/init" to <kernel> domain:
       ( echo "<kernel>"; echo "file execute /sbin/init" ) | tomoyo-loadpolicy -d

       Replace currently loaded domain policy with "/etc/tomoyo/domain_policy.conf":
       tomoyo-loadpolicy -df < /etc/tomoyo/domain_policy.conf

       Append "/etc/tomoyo/192.168.1.1/domain_policy.conf to 192.168.1.1:10000:
       tomoyo-loadpolicy -d 192.168.1.1:10000 < /etc/tomoyo/192.168.1.1/domain_policy.conf

       Remove "/usr/sbin/tomoyo-queryd" from "/sys/kernel/security/tomoyo/tomoyo/manager":
       echo "delete /usr/sbin/tomoyo-queryd" | tomoyo-loadpolicy -m

NOTES

       Before    this    program    can    be    invoked,    it    must    be    registered    in
       /sys/kernel/security/tomoyo/tomoyo/manager.  After initializing policy, this is usually as
       simple as rebooting the system.

BUGS

       If there are any bugs, send an email with as much  detail  as  possible  to  tomoyo-users-
       en@lists.sourceforge.jp

AUTHORS

       Main authors:

       ·   Tetsuo Handa <penguin-kernel AT I-love.SAKURA.ne.jp>

       Other contributers:

       ·   Jamie Nguyen <jamie AT tomoyolinux.co.uk>

           Man pages, documentation and website.

SEE ALSO

       tomoyo-savepolicy(8), tomoyo-editpolicy(8), tomoyo-editpolicy-agent(8), tomoyo-init(8)

       See http://tomoyo.sourceforge.jp/ for more information.