tomoyo-savepolicy [directory] [remote_ip:remote:port]
DESCRIPTIONThis program saves TOMOYO Linux policy onto disk from kernel memory.
The directory /etc/tomoyo/policy/YY-MM-DD.hh:mm:ss is created with four files inside: domain_policy.conf, exception_policy.conf, profile.conf, and manager.conf. The symbolic links /etc/tomoyo/policy/previous and /etc/tomoyo/policy/current are updated to point to the previous and current YY-MM-DD.hh:mm:ss directories respectively.
The following symbolic links should exist within the /etc/tomoyo directory:
domain_policy.conf -> policy/current/domain_policy.conf exception_policy.conf -> policy/current/exception_policy.conf profile.conf -> policy/current/profile.conf manager.conf -> policy/current/manager.conf policy/current -> policy/YY-MM-DD.hh:mm:ss policy/previous -> policy/YY-MM-DD.hh:mm:ss
You can therefore access the current policy files without having to descend into subdirectories, and without having to determine which YY-MM-DD.hh:mm:ss directory is the most recent.
If the policy type is specified, this program works similar to cat(1).
- Print /sys/kernel/security/tomoyo/exception_policy to standard output.
- Print /sys/kernel/security/tomoyo/domain_policy to standard output.
- Print /sys/kernel/security/tomoyo/profile to standard output.
- Print /sys/kernel/security/tomoyo/manager to standard output.
- Print /sys/kernel/security/tomoyo/stat to standard output.
- Save policy to an alternative directory, rather than the default /etc/tomoyo directory.
- Save policy on a remote system via an agent waiting at port remote_port on IP address remote_ip.
- Save policy to disk
- Print "/sys/kernel/security/tomoyo/exception_policy" to standard output
- Retrieve policy from a remote system and save in a local directory
tomoyo-savepolicy /etc/tomoyo/192.168.1.1/ 192.168.1.1:10000