tomoyo-init(8) load TOMOYO Linux policy automatically

SYNOPSIS

tomoyo-init

DESCRIPTION

When /sbin/init starts, the kernel automatically calls this program. Policy files that have been saved to disk are subsequently loaded into kernel memory.

This program copies the following files:

  /etc/tomoyo/exception_policy.conf => /sys/kernel/security/tomoyo/exception_policy
  /etc/tomoyo/domain_policy.conf => /sys/kernel/security/tomoyo/domain_policy
  /etc/tomoyo/profile.conf => /sys/kernel/security/tomoyo/profile
  /etc/tomoyo/manager.conf => /sys/kernel/security/tomoyo/manager
  /etc/tomoyo/stat.conf => /sys/kernel/security/tomoyo/stat

If /etc/tomoyo/tomoyo-post-init exists and is executable, then it will also be executed. This allows additional control over what happens at startup.

You will not usually need to invoke this program manually.

EXAMPLES

Contents of "/etc/tomoyo/tomoyo-post-init" allowing non-root "demo" user to edit policy
  #!/bin/bash
  echo manage_by_non_root > /sys/kernel/security/tomoyo/manager
  chown -R demo /sys/kernel/security/tomoyo

BUGS

If you find any bugs, send an email to <[email protected]>.

AUTHORS

Tetsuo Handa <[email protected]>
Main author.
Jamie Nguyen <[email protected]>
Documentation and website.