init_policy - initialize TOMOYO Linux policy
This program generates templates for all policy files. However,
the output should be reviewed because automatically generated exception
policy may contain dangerous or redundant entries.
This program only needs to be run once.
- --file-only-profile
- Create profiles with only file-related functionality enabled.
- --full-profile
- Create profiles with all functionality enabled. [default]
- --use_profile=integer
- Set the default profile number for the "<kernel>" domain
to the specified integer, which must be between 0 and 255.
[default=0]
- --use_group=integer
- Set the default group number for the "<kernel>" domain to
the specified integer, which must be between 0 and 255. [default=0]
- --max_audit_log=integer
- Set the default maximal audit log entries that the kernel will spool in
the /sys/kernel/security/tomoyo/audit interface. This value must be
an integer, and can be set to 0 if audit logs are not required. Maximum
memory used can also be controlled via the
/sys/kernel/security/tomoyo/stat interface. [default=1024]
- --max_learning_entry=integer
- Set the default maximum number of ACL entries automatically added to each
domain by the kernel when using learning mode. This value must be an
integer, and can be set to o if you do not need learning mode. Maximum
memory used can also be controlled using the
/sys/kernel/security/tomoyo/stat interface.
- --grant_log=value
- Set whether grant logs should be audited. This value can either be
"yes" or
"no". [default=no]
- --reject_log=value
- Set whether reject logs should be audited. This value can either be
"yes" or
"no". [default=yes]
If you find any bugs, send an email to
<tomoyo-users-en@lists.osdn.me>.