SYNOPSIS
ccs-queryd [--no-update|--ask-update|remote_ip:remote_port]DESCRIPTION
This program detects policy violation in enforcing mode and displays the access request. You can tell the system whether the access request should be granted (or granted and policy should be appended to grant the access request) or rejected after you validate the access request.By running this program while updating packages, you can avoid errors due to insufficient permissions.
Never grant access requests unconditionally. The cause of policy violation is not always updating packages, but may by malicious requests by attackers. If you grant access requests caused by malicious requests by attackers, the system gets intruded.
If you don't give --no-update option, this program also detects pathname changes of globally readable files. If you give --ask-update option, this program asks you whether or not to append created pathnames which are registered in /etc/ld.so.cache to globally readable files, and asks you whether or not to remove deleted pathnames from globally readable files. If you omit options, this program automatically appends created pathnames which are registered in /etc/ld.so.cache to globally readable files, and automatically removes deleted pathnames from globally readable files.
By running this program without --no-update option, you can avoid errors like "unable to start applications because shared libraries are unreadable" when the pathnames of shared libraries accessed by general programs has changed.
- remote_ip:remote_port
- Receive policy from agent listening at specified IP address and port number.
EXAMPLES
# ccs-queryd
- Handle local query.
# ccs-queryd 192.168.1.1:10000
- Handle remote query via agent listening at 192.168.1.1:10000 .
Usage is available at http://tomoyo.sourceforge.jp/1.7/enforcing.html
NOTES
You need to register either path to this program ( /usr/sbin/ccs-queryd ) or a domain for this program in /proc/ccs/manager before invoking this program.
AUTHORS
penguin-kernel _at_ I-love.SAKURA.ne.jp
COPYRIGHT
Copyright © 2005-2010 NTT DATA CORPORATION.This program is free software; you may redistribute it under the terms of the GNU General Public License. This program has absolutely no warranty.