Difference between revisions of "TOMOYO"

From CBLFS
Jump to navigationJump to search
(upgrade kernel patch to 1.5.1)
(Update instructions, and various fixes to make it better English.)
 
(29 intermediate revisions by 9 users not shown)
Line 1: Line 1:
 
{|style="text-align: left; background-color: AliceBlue;"
 
{|style="text-align: left; background-color: AliceBlue;"
 
|-
 
|-
!Download Source
+
!Download Tools Source:
|http://osdn.dl.sourceforge.jp/tomoyo/27220/ccs-tools-{{CCSTools-Version}}.tar.gz
+
|http://jaist.dl.sourceforge.jp/tomoyo/43376/ccs-tools-1.7.2-20100401.tar.gz (for TOMOYO 1.7)
 +
|http://jaist.dl.sourceforge.jp/tomoyo/41908/tomoyo-tools-2.2.0-20100225.tar.gz (for TOMOYO 2.2)
 
|-
 
|-
!Download Patch (for 2.6.22 series Kernel):
+
!Download Kernel Patch:
|http://people.redhat.com/mingo/cfs-scheduler/sched-cfs-v2.6.22.9-v22.patch
+
|http://jaist.dl.sourceforge.jp/tomoyo/43375/ccs-patch-{{TOMOYO-Version}}.tar.gz
|-
 
!Download Patch (TOMOYO 1.5.1 for 2.6.22 or 2.6.23 Kernel):
 
|http://osdn.dl.sourceforge.jp/tomoyo/27219/ccs-patch-1.5.1-20071019.tar.gz
 
|-
 
!Download Patch (TOMOYO 2.1 for 2.6.23 series Kernel):
 
|http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi/tags/lkml/4/patches.tar.gz?root=tomoyo&view=tar
 
 
|-}
 
|-}
  
 
----
 
----
  
{{Package-Introduction|The fundamental concept of TOMOYO Linux is "tracking process invocation history". TOMOYO Linux splits domains using "process invocation history" and the process transits to a different domain whenever execution of a program (i.e. do_execve()) is requested. By transiting to a different domain whenever execution of a program is requested, each domain will have the minimal permissions that are essential for processes in that domain to do their roles. For more information, see http://tomoyo.sourceforge.jp/wiki-e/?WhatIs.|http://tomoyo.sourceforge.jp/en/2.1.x/}}
+
{{Package-Introduction|The fundamental concept of TOMOYO Linux is "tracking process invocation history". TOMOYO Linux splits domains using "process invocation history" and the process transits to a different domain whenever execution of a program (i.e. do_execve()) is requested. By transiting to a different domain whenever execution of a program is requested, each domain will have the minimal permissions that are essential for processes in that domain to do their roles. For more information, see http://tomoyo.sourceforge.jp/wiki-e/?WhatIs .|http://tomoyo.sourceforge.jp/}}
  
 
== Dependencies ==
 
== Dependencies ==
  
=== Required ===
+
* None
  
* [[OpenSSL]] needed for mailauth function of TOMOYO tools
+
= Building TOMOYO aware kernels =
  
{{Note|mailauth is not a part of TOMOYO Linux core system and is a sample program to protect ssh login (see [http://sourceforge.jp/projects/tomoyo/document/winf2005-en.pdf/en/4/winf2005-en.pdf this] document for more detail). If you are not planning to use "mailauth", you will need to prevent it from being built (like "touch mailauth" or editing the Makefile to remove the entry) and OpenSSL is not neccessary.}}
+
== Kernel 2.6.35.* with TOMOYO {{TOMOYO-Version}} ==
  
== Rebuild Kernel ==
+
Download ccs-patch-{{TOMOYO-Version}}.tar.gz and put it in the kernel source dir. Then patch the kernel:
  
=== 2.6.22 Kernel and TOMOYO 1.5===
+
tar xzvf ccs-patch-{{TOMOYO-Version}}.tar.gz &&
 +
patch -Np1 -i patches/ccs-patch-2.6.35.diff
  
Extract the TOMOYO 1.5 patches and modify the patch file ccs-patch-2.6.22.txt:
+
Run "make menuconfig" and enable these options in the "Security Options" section:
  
  8<=========== change for version ============>8
+
  [*] CCSecurity support
  -EXTRAVERSION = .9-cfs-v22
+
  (2048) Default maximal count for learning mode
  +EXTRAVERSION = .9-cfs-v22-ccs
+
  (/sbin/ccs-init) Default policy loader
  8<=========== chang for CFS v22 patch http://lkml.org/lkml/2007/9/26/97 ============>8
+
  (/sbin/ccs-start) Alternative activation trigger
@@ -64,5 +64,8 @@
+
  (/sbin/modprobe /sbin/hotplug) Built-in domain initializer programs
  #include <asm/tlb.h>
+
  [*]  Auditing interface support
+/***** TOMOYO Linux start. *****/
+
  (1024) Default maximal count for grant log
+#include <linux/tomoyo.h>
+
  (1024) Default maximal count for reject log
  +/***** TOMOYO Linux end. *****/
 
  /*
 
  * Scheduler clock - returns current time in nanosec units.
 
  @@ -4060,6 +4063,9 @@ int can_nice(const struct task_struct *p
 
  8<=======================>8
 
  
Patch the kernel source:
+
These can be built as modules if you use a initramfs. Now, compile and install the kernel with the instructions in the book.
  
patch -Np1 -i ../sched-cfs-v2.6.22.9-v22.patch &&
+
== TOMOYO 2.2.0 ==
patch -Np1 -i ../ccs-patch-2.6.22.txt
 
  
Compile and install a new TOMOYO aware kernel. Ensure you enable the TOMOYO features.
+
Download 2.6.30 (or later) from http://www.kernel.org/ and extract it.
  
=== 2.6.23 Kernel and TOMOYO 1.5.1 ===
+
Run "make menuconfig" and go to "Security options" screen and select "TOMOYO Linux support" as shown below.
  
TOMOYO 1.5 has some features like network and mount operations control that not currently available in TOMOYO 2.x. so TOMOYO 1.5 is a better choice than TOMOYO 2.x.
+
[ ] Enable access key retention support
 +
[*] Enable different security models
 +
-*- Enable the securityfs filesystem
 +
[ ] Socket and Networking Security Hooks
 +
-*- Security hooks for pathname based access control
 +
[ ] File POSIX Capabilities
 +
(0) Low address space to protect from user allocation
 +
[*] TOMOYO Linux Support
  
Patche the kernel source:
+
Again, these can be built as modules if you use an initramfs. Compile the kernel according to the book.
  
tar xvf ../ccs-patch-1.5.1-20071019.tar.gz &&
+
= Building TOMOYO Tools =
sed -i 's/EXTRAVERSION = */EXTRAVERSION = .1/' patches/ccs-patch-2.6.23.diff &&
 
patch -Np1 -i patches/ccs-patch-2.6.23.diff
 
  
 
+
Download tomoyo-tools-2.2.0-20100225.tar.gz (for TOMOYO 2.2) or ccs-tools-1.7.2-20100401.tar.gz (for TOMOYO 1.7), depending on your version, and put it the source directory (either /sources or /usr/src).
Compile and install a new TOMOYO aware kernel. Ensure you enable the TOMOYO features.
 
 
 
=== 2.6.23 Kernel and TOMOYO 2.x ===
 
 
 
Extract the TOMOYO 2.x patches to the kernel source directory.
 
 
 
for i in `cat ../patches/series`; do patch -Np1 < ../patches/$i; done
 
 
 
Compile and install a new TOMOYO aware kernel. Ensure you enable the TOMOYO features.  Go to "Security options" screen and unselect "Default Linux Capabilities", "Root Plug Support", "NSA SELinux Support" and select "TOMOYO Linux support" as shown below.
 
 
 
[*] Enable different security models
 
< >  Default Linux Capabilities
 
< >  Root Plug Support
 
[ ] NSA SELinux Support
 
[*] TOMOYO Linux support
 
 
 
= Build TOMOYO Tools =
 
  
 
== Non-Multilib ==
 
== Non-Multilib ==
Line 128: Line 106:
 
= Configuring =
 
= Configuring =
  
== Configuring TOMOYO 1.5 ==
+
== TOMOYO {{TOMOYO-Version}} ==
 
 
Run init_policy.sh to perform initial configuration for ccs patch
 
 
 
/usr/lib/ccs/init_policy.sh
 
 
 
You will get initial configuration files in /etc/ccs/ directory.
 
 
 
== Configuring TOMOYO 2.x ==
 
  
Run tomoyo_init_policy.sh to perform initial configuration for TOMOYO 2.x.
+
Run init_policy to perform the initial configuration.
  
  /usr/lib/ccs/tomoyo_init_policy.sh
+
  /usr/lib/ccs/init_policy
  
You will get initial configuration files in /etc/tomoyo/ directory.
+
You should get various files in /etc/ccs/ directory.
  
== Configuring TOMOYO audit logging ==
+
If you want to, create an audit log in /var/log/tomoyo:
  
 
  cat > /etc/rc.d/init.d/ccs-auditd << EOF
 
  cat > /etc/rc.d/init.d/ccs-auditd << EOF
 
  #!/bin/sh
 
  #!/bin/sh
  /usr/lib/ccs/ccs-auditd /dev/null /var/log/tomoyo/reject_log.txt
+
  /usr/sbin/ccs-auditd /dev/null /var/log/tomoyo/reject_log.txt
 
  EOF
 
  EOF
  
Line 158: Line 128:
 
  mkdir -p /var/log/tomoyo
 
  mkdir -p /var/log/tomoyo
  
 +
Now, start the system from Learning Mode, so that you can apply future restrictions later if you want to:
  
== Configuring TOMOYO to begin from learning mode ==
+
echo '<kernel>' > /etc/ccs/domain_policy.conf
 +
echo 'use_profile 1' >> /etc/ccs/domain_policy.conf
  
Configure TOMOYO Linux to learn system behavior.
+
== TOMOYO 2.2.0 ==
 +
 
 +
Run tomoyo_init_policy.sh to perform the initial configuration.
 +
 
 +
/usr/lib/ccs/tomoyo_init_policy.sh
 +
 
 +
You should get initial configuration files in /etc/tomoyo/ directory.
 +
 
 +
Now, start the system from Learning Mode, so that you can apply future restrictions later if you want to:
  
 
  echo '<kernel>' > /etc/tomoyo/domain_policy.conf
 
  echo '<kernel>' > /etc/tomoyo/domain_policy.conf
 
  echo 'use_profile 1' >> /etc/tomoyo/domain_policy.conf
 
  echo 'use_profile 1' >> /etc/tomoyo/domain_policy.conf
  
= Boot TOMOYO Linux =
+
= Booting TOMOYO Linux =
  
When you boot with TOMOYO Linux kernel, you will see the following message when /sbin/init is about to start.
+
== TOMOYO {{TOMOYO-Version}} ==
  
TOMOYO Linux: Enter 'disable' within 10 seconds to disable       
+
You can use boot parameter CCS=<name> to load profile /etc/ccs/profile-<name>.conf .
TOMOYO Linux.
+
Without CCS= parameter or <name> is "default", /etc/ccs/profile.conf will be loaded.
  TOMOYO Linux>
+
You can use CCS=ask to let user select from available profiles in /etc/ccs/ at boot time
 +
You can use CCS=disable to boot as usual Linux (i.e. without TOMOYO protection). This is just an example:
 +
 
 +
  root=/dev/hda8 ro vga=791 video=neofb:ywrap,mtrr acpi=off CCS=default
  
If you press 'Enter' key or wait for 10 seconds, TOMOYO Linux gets enabled and policy is loaded. If you have trouble such as unable to login because of inappropriate TOMOYO Linux configuration, enter "disable" and press 'Enter' key to disable TOMOYO Linux.
+
== TOMOYO 2.2.0 ==
  
grub menu can use CCS=default to boot using default policy without waiting.
+
Same as TOMOYO {{TOMOYO-Version}}, except that the policies are loaded from /etc/tomoyo/ directory.
  
root=/dev/hda8 ro vga=791 video=neofb:ywrap,mtrr acpi=off CCS=default
+
But, be sure to add the security=tomoyo parameter. This is, again, just an example:
  
newer version of /sbin/{ccs,tomoyo}-init from
+
root=/dev/hda8 ro vga=791 video=neofb:ywrap,mtrr acpi=off CCS=default security=tomoyo
http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi?rev=580&root=tomoyo&view=rev
 
can be used, and with CCS=ask to let user select from available policies at boot time.
 
  
= Configuring policy to guard Linux as needed =
+
= Configuring Policy to Guard Linux as Needed =
  
 
Login to the system as root user, and run editpolicy included in TOMOYO Linux tools.
 
Login to the system as root user, and run editpolicy included in TOMOYO Linux tools.
  
  /usr/lib/ccs/editpolicy
+
  /usr/sbin/ccs-editpolicy
  
 
= Contents =
 
= Contents =
 +
 +
{| style="text-align: left;"
 +
|-valign="top"
 +
!Installed Directories:
 +
| /sbin
 +
|-valign="top"
 +
!Installed Programs:
 +
|ccs-init, tomoyo-init
 +
|-valign="top"
 +
!Installed Libraries:
 +
|
 +
|}
 +
 +
 +
{| style="text-align: left;"
 +
|-valign="top"
 +
!Installed Directories:
 +
|/usr/sbin
 +
|-valign="top"
 +
!Installed Programs:
 +
|ccs-editpolicy, ccs-setlevel, ccs-setprofile, ccs-ccstree, ccs-savepolicy, ccs-auditd, ccs-findtemp, ccs-sortpolicy, ccs-ld-watch, ccs-queryd, ccs-checkpolicy
 +
|-valign="top"
 +
!Installed Libraries:
 +
|
 +
|}
 +
  
 
{| style="text-align: left;"
 
{| style="text-align: left;"
Line 198: Line 205:
 
|-valign="top"
 
|-valign="top"
 
!Installed Programs:
 
!Installed Programs:
|tomoyo_init_policy.sh, init_policy.sh, editpolicy,  editpolicy_offline, setlevel, setprofile, ccstree, savepolicy, makesyaoranconf, ccs-auditd, findtemp, sortpolicy, ld-watch, ccs-queryd, checkpolicy,  /sbin/{ccs,tomoyo}-init
+
|tomoyo_init_policy.sh, init_policy.sh, editpolicy, setlevel, setprofile, ccstree, savepolicy, makesyaoranconf, ccs-auditd, ccs-notifyd, findtemp, sortpolicy, ld-watch, ccs-queryd, checkpolicy
 
|-valign="top"
 
|-valign="top"
 
!Installed Libraries:
 
!Installed Libraries:
Line 204: Line 211:
 
|}
 
|}
  
=== Short Descriptions ===
+
== Short Descriptions ==
  
 
{| style="text-align: left;"
 
{| style="text-align: left;"
 
|-valign="top"
 
|-valign="top"
!editpolicy
+
!ccs-editpolicy
|Edits the current policy in /proc/ccs/ directory
+
|Edits the current policy in /proc/ccs/ or /sys/kernel/security/tomoyo/ directory
 
|-valign="top"
 
|-valign="top"
!editpolicy_offline
+
!ccs-setlevel
|Edits the policy in /etc/ccs/ directory.
+
|Changes the current control level (i.e. writing to /proc/ccs/profile or /sys/kernel/security/tomoyo/profile ) and displays the new control level.
 
|-valign="top"
 
|-valign="top"
!setlevel
+
!ccs-setprofile
|Changes the current control level (i.e. writing to /proc/ccs/profile ) and displays the new control level.
 
|-valign="top"
 
!setprofile
 
 
|Assigns a profile to domains.
 
|Assigns a profile to domains.
 
|-valign="top"
 
|-valign="top"
!ccstree
+
!ccs-pstree (for TOMOYO 1.7) ccs-ccstree (for TOMOYO 2.2)
 
|Lists the domainnames of currently running processes belong to and the profile numbers the domains currently assigned to.
 
|Lists the domainnames of currently running processes belong to and the profile numbers the domains currently assigned to.
 
|-valign="top"
 
|-valign="top"
!savepolicy
+
!ccs-savepolicy
 
|Saves the on-memory policy onto disk.
 
|Saves the on-memory policy onto disk.
|-valign="top"
 
!makesyaoranconf
 
|Generates syaoran.conf, the configuration file for SYAORAN (the Tamper-Proof /dev filesystem). You can use SYAORAN filesystem if you want to run the system with read-only root fs or you want to prevent device files from tampering.
 
 
|-valign="top"
 
|-valign="top"
 
!ccs-auditd
 
!ccs-auditd
 
|Reads from /proc/ccs/grant_log and /proc/ccs/reject_log and writes to the location given in the commandline parameters.
 
|Reads from /proc/ccs/grant_log and /proc/ccs/reject_log and writes to the location given in the commandline parameters.
 
|-valign="top"
 
|-valign="top"
!sortpolicy
+
!ccs-sortpolicy
 
|Remove duplicated entry from logs written by "ccs-auditd".
 
|Remove duplicated entry from logs written by "ccs-auditd".
 
|-valign="top"
 
|-valign="top"
!findtemp
+
!ccs-findtemp
 
|Reads domain policy from standard input and checks the existence of pathnames, and dumps the nonexistent pathnames.
 
|Reads domain policy from standard input and checks the existence of pathnames, and dumps the nonexistent pathnames.
 
|-valign="top"
 
|-valign="top"
!ld-watch
+
!ccs-ld-watch
 
|Appends shared libraries to exception policy automatically using "allow_read" directive when the location of shared libraries in /etc/ld.so.cache has changed.
 
|Appends shared libraries to exception policy automatically using "allow_read" directive when the location of shared libraries in /etc/ld.so.cache has changed.
 
|-valign="top"
 
|-valign="top"
Line 247: Line 248:
  
 
Never grant access requests unconditionally. The cause of policy violation is not always updating packages, but may by malicious requests by attackers. If you grant access requests caused by malicious requests by attackers, the system gets intruded.
 
Never grant access requests unconditionally. The cause of policy violation is not always updating packages, but may by malicious requests by attackers. If you grant access requests caused by malicious requests by attackers, the system gets intruded.
 
To enable "delayed enforcing mode", you need to either set "ALLOW_ENFORCE_GRACE=1" in /proc/ccs/profile using "setlevel" command or assign a profile whose ALLOW_ENFORCE_GRACE is set to 1 to domains using "setprofile" command.
 
  
 
|-valign="top"
 
|-valign="top"
!checkpolicy
+
!ccs-checkpolicy
 
|Reads policy files from standard input and checks syntaxes.
 
|Reads policy files from standard input and checks syntaxes.
 
|-valign="top"
 
|-valign="top"
 
!ccs-init
 
!ccs-init
|Loads policy files from /etc/ccs/ directory.
+
|Loads policy files from /etc/ccs/ directory. Put this program as /sbin/ccs-init , and this program will be invoked automatically when execution of /sbin/init is requested by initrd.
 +
|-valign="top"
 +
!tomoyo-init
 +
|Loads policy files from /etc/tomoyo/ directory. Put this program as /sbin/tomoyo-init , and this program will be invoked automatically when execution of /sbin/init is requested by initrd.
 +
|}
  
Put this program as /sbin/ccs-init , and this program will be invoked automatically when execution of /sbin/init is requested by initrd.
+
[[Category:Security]]
|}
 

Latest revision as of 07:23, 25 August 2010


Introduction to TOMOYO

The fundamental concept of TOMOYO Linux is "tracking process invocation history". TOMOYO Linux splits domains using "process invocation history" and the process transits to a different domain whenever execution of a program (i.e. do_execve()) is requested. By transiting to a different domain whenever execution of a program is requested, each domain will have the minimal permissions that are essential for processes in that domain to do their roles. For more information, see http://tomoyo.sourceforge.jp/wiki-e/?WhatIs .

Project Homepage: http://tomoyo.sourceforge.jp/

Dependencies

  • None

Building TOMOYO aware kernels

Kernel 2.6.35.* with TOMOYO 1.7.2-2010804

Download ccs-patch-1.7.2-2010804.tar.gz and put it in the kernel source dir. Then patch the kernel:

tar xzvf ccs-patch-1.7.2-2010804.tar.gz &&
patch -Np1 -i patches/ccs-patch-2.6.35.diff

Run "make menuconfig" and enable these options in the "Security Options" section:

[*] CCSecurity support
(2048) Default maximal count for learning mode
(/sbin/ccs-init) Default policy loader
(/sbin/ccs-start) Alternative activation trigger
(/sbin/modprobe /sbin/hotplug) Built-in domain initializer programs
[*]   Auditing interface support
(1024)  Default maximal count for grant log
(1024)  Default maximal count for reject log

These can be built as modules if you use a initramfs. Now, compile and install the kernel with the instructions in the book.

TOMOYO 2.2.0

Download 2.6.30 (or later) from http://www.kernel.org/ and extract it.

Run "make menuconfig" and go to "Security options" screen and select "TOMOYO Linux support" as shown below.

[ ] Enable access key retention support
[*] Enable different security models
-*- Enable the securityfs filesystem
[ ] Socket and Networking Security Hooks
-*- Security hooks for pathname based access control
[ ] File POSIX Capabilities
(0) Low address space to protect from user allocation
[*] TOMOYO Linux Support

Again, these can be built as modules if you use an initramfs. Compile the kernel according to the book.

Building TOMOYO Tools

Download tomoyo-tools-2.2.0-20100225.tar.gz (for TOMOYO 2.2) or ccs-tools-1.7.2-20100401.tar.gz (for TOMOYO 1.7), depending on your version, and put it the source directory (either /sources or /usr/src).

Non-Multilib

Compile the package:

make

Install the package:

make install

Multilib

32Bit

Compile the package:

make CC="gcc ${BUILD32}"

Install the package:

make install

N32

Compile the package:

sed -i 's@/usr/lib@/usr/lib32@g' Makefile &&
make CC="gcc ${BUILDN32}"

Install the package:

make install

64Bit

Compile the package:

sed -i 's@/usr/lib@/usr/lib64@g' Makefile &&
make CC="gcc ${BUILD64}"

Install the package:

make install

Configuring

TOMOYO 1.7.2-2010804

Run init_policy to perform the initial configuration.

/usr/lib/ccs/init_policy

You should get various files in /etc/ccs/ directory.

If you want to, create an audit log in /var/log/tomoyo:

cat > /etc/rc.d/init.d/ccs-auditd << EOF
#!/bin/sh
/usr/sbin/ccs-auditd /dev/null /var/log/tomoyo/reject_log.txt
EOF
chmod +x /etc/rc.d/init.d/ccs-auditd
for i in 2 3 4 5; do
ln -sv ../init.d/ccs-auditd /etc/rc.d/rc${i}.d/S99ccs-auditd; done
mkdir -p /var/log/tomoyo

Now, start the system from Learning Mode, so that you can apply future restrictions later if you want to:

echo '<kernel>' > /etc/ccs/domain_policy.conf
echo 'use_profile 1' >> /etc/ccs/domain_policy.conf

TOMOYO 2.2.0

Run tomoyo_init_policy.sh to perform the initial configuration.

/usr/lib/ccs/tomoyo_init_policy.sh

You should get initial configuration files in /etc/tomoyo/ directory.

Now, start the system from Learning Mode, so that you can apply future restrictions later if you want to:

echo '<kernel>' > /etc/tomoyo/domain_policy.conf
echo 'use_profile 1' >> /etc/tomoyo/domain_policy.conf

Booting TOMOYO Linux

TOMOYO 1.7.2-2010804

You can use boot parameter CCS=<name> to load profile /etc/ccs/profile-<name>.conf . Without CCS= parameter or <name> is "default", /etc/ccs/profile.conf will be loaded. You can use CCS=ask to let user select from available profiles in /etc/ccs/ at boot time You can use CCS=disable to boot as usual Linux (i.e. without TOMOYO protection). This is just an example:

root=/dev/hda8 ro vga=791 video=neofb:ywrap,mtrr acpi=off CCS=default

TOMOYO 2.2.0

Same as TOMOYO 1.7.2-2010804, except that the policies are loaded from /etc/tomoyo/ directory.

But, be sure to add the security=tomoyo parameter. This is, again, just an example:

root=/dev/hda8 ro vga=791 video=neofb:ywrap,mtrr acpi=off CCS=default security=tomoyo

Configuring Policy to Guard Linux as Needed

Login to the system as root user, and run editpolicy included in TOMOYO Linux tools.

/usr/sbin/ccs-editpolicy

Contents

Download Tools Source: http://jaist.dl.sourceforge.jp/tomoyo/43376/ccs-tools-1.7.2-20100401.tar.gz (for TOMOYO 1.7) http://jaist.dl.sourceforge.jp/tomoyo/41908/tomoyo-tools-2.2.0-20100225.tar.gz (for TOMOYO 2.2)
Download Kernel Patch: http://jaist.dl.sourceforge.jp/tomoyo/43375/ccs-patch-1.7.2-2010804.tar.gz
Installed Directories: /sbin
Installed Programs: ccs-init, tomoyo-init
Installed Libraries:


Installed Directories: /usr/sbin
Installed Programs: ccs-editpolicy, ccs-setlevel, ccs-setprofile, ccs-ccstree, ccs-savepolicy, ccs-auditd, ccs-findtemp, ccs-sortpolicy, ccs-ld-watch, ccs-queryd, ccs-checkpolicy
Installed Libraries:


Installed Directories: /usr/lib/ccs
Installed Programs: tomoyo_init_policy.sh, init_policy.sh, editpolicy, setlevel, setprofile, ccstree, savepolicy, makesyaoranconf, ccs-auditd, ccs-notifyd, findtemp, sortpolicy, ld-watch, ccs-queryd, checkpolicy
Installed Libraries:

Short Descriptions

ccs-editpolicy Edits the current policy in /proc/ccs/ or /sys/kernel/security/tomoyo/ directory
ccs-setlevel Changes the current control level (i.e. writing to /proc/ccs/profile or /sys/kernel/security/tomoyo/profile ) and displays the new control level.
ccs-setprofile Assigns a profile to domains.
ccs-pstree (for TOMOYO 1.7) ccs-ccstree (for TOMOYO 2.2) Lists the domainnames of currently running processes belong to and the profile numbers the domains currently assigned to.
ccs-savepolicy Saves the on-memory policy onto disk.
ccs-auditd Reads from /proc/ccs/grant_log and /proc/ccs/reject_log and writes to the location given in the commandline parameters.
ccs-sortpolicy Remove duplicated entry from logs written by "ccs-auditd".
ccs-findtemp Reads domain policy from standard input and checks the existence of pathnames, and dumps the nonexistent pathnames.
ccs-ld-watch Appends shared libraries to exception policy automatically using "allow_read" directive when the location of shared libraries in /etc/ld.so.cache has changed.
ccs-queryd Detects policy violation and displays the access request. You can tell the system whether the access request should be granted (or granted and policy should be appended to grant the access request) or rejected after you validate the access request.

By running this program while updating packages, you can avoid errors due to insufficient permissions.

Never grant access requests unconditionally. The cause of policy violation is not always updating packages, but may by malicious requests by attackers. If you grant access requests caused by malicious requests by attackers, the system gets intruded.

ccs-checkpolicy Reads policy files from standard input and checks syntaxes.
ccs-init Loads policy files from /etc/ccs/ directory. Put this program as /sbin/ccs-init , and this program will be invoked automatically when execution of /sbin/init is requested by initrd.
tomoyo-init Loads policy files from /etc/tomoyo/ directory. Put this program as /sbin/tomoyo-init , and this program will be invoked automatically when execution of /sbin/init is requested by initrd.
Retrieved from "?title=TOMOYO&oldid=20299"