ccs-queryd(8) Handle TOMOYO Linux's delayed enforcing mode

SYNOPSIS

ccs-queryd [--no-update|--ask-update|remote_ip:remote_port]

DESCRIPTION

This program detects policy violation in enforcing mode and displays the access request. You can tell the system whether the access request should be granted (or granted and policy should be appended to grant the access request) or rejected after you validate the access request.

By running this program while updating packages, you can avoid errors due to insufficient permissions.

Never grant access requests unconditionally. The cause of policy violation is not always updating packages, but may by malicious requests by attackers. If you grant access requests caused by malicious requests by attackers, the system gets intruded.

If you don't give --no-update option, this program also detects pathname changes of globally readable files. If you give --ask-update option, this program asks you whether or not to append created pathnames which are registered in /etc/ld.so.cache to globally readable files, and asks you whether or not to remove deleted pathnames from globally readable files. If you omit options, this program automatically appends created pathnames which are registered in /etc/ld.so.cache to globally readable files, and automatically removes deleted pathnames from globally readable files.

By running this program without --no-update option, you can avoid errors like "unable to start applications because shared libraries are unreadable" when the pathnames of shared libraries accessed by general programs has changed.

remote_ip:remote_port
Receive policy from agent listening at specified IP address and port number.

EXAMPLES

# ccs-queryd

Handle local query.

# ccs-queryd 192.168.1.1:10000

Handle remote query via agent listening at 192.168.1.1:10000 .

Usage is available at http://tomoyo.sourceforge.jp/1.7/enforcing.html

NOTES


 You need to register either path to this program ( /usr/sbin/ccs-queryd ) or a domain for this program in /proc/ccs/manager before invoking this program.

AUTHORS


 penguin-kernel _at_ I-love.SAKURA.ne.jp

COPYRIGHT

Copyright © 2005-2010 NTT DATA CORPORATION.

This program is free software; you may redistribute it under the terms of the GNU General Public License. This program has absolutely no warranty.