Info: Version 1.7.x is available.
Last modified: $Date: 2012-03-02 10:34:04 +0900 (Fri, 02 Mar 2012) $
Since the policy of TOMOYO Linux is represented using pathnames, TOMOYO Linux can be used to trace file accesses.
You can use TOMOYO Linux to find out how programs access files, or which program is creating files in specific directories.
To compile the kernel, see TOMOYO Linux kernel compilation. To compile the tools, run the following commands.
    wget -O ccs-tools-1.6.9-20120301.tar.gz 'http://sourceforge.jp/frs/redir.php?m=jaist&f=/tomoyo/30298/ccs-tools-1.6.9-20120301.tar.gz'
    tar -zxf ccs-tools-1.6.9-20120301.tar.gz
    make -C ccstools/ install
Create /etc/ccs/profile.conf with the following contents.
    MAC_FOR_FILE=learning
    MAX_ACCEPT_ENTRY=1048576
    MAX_GRANT_LOG=0
    MAX_REJECT_LOG=0
    TOMOYO_VERBOSE=disabled
Run the following command.
    /usr/lib/ccs/init_policy.sh
Reboot with the TOMOYO Linux kernel.
Run the applications you want to analyze.
You can see the list of programs executed so far by running /usr/sbin/ccs-editpolicy. Choose a program and press "Enter" to see the list of files accessed by that program. See How to use Policy Editor for usage of the policy editor.
You can save the list of all files accessed so far as /etc/ccs/domain_policy.conf by running /usr/sbin/ccs-savepolicy.
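Once the policy is saved, a short script can answer the question of which program touched files in a given directory. The following is an added example, not part of TOMOYO Linux or its tools: it assumes the saved file consists of "<kernel> ..." domain lines followed by "allow_<operation> <pathname>" entries with \ooo octal escapes in pathnames, and the sample policy in it is constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the assumed domain_policy.conf layout (not real output).
SAMPLE_POLICY = r"""<kernel>
use_profile 0

<kernel> /sbin/init /etc/rc.d/rc.sysinit
use_profile 0
allow_read /etc/fstab
allow_create /var/run/utmp
allow_write /var/run/utmp

<kernel> /usr/sbin/sshd /bin/bash /usr/bin/vim
use_profile 0
allow_read/write /home/demo/notes.txt
allow_create /tmp/.notes.txt.swp
allow_unlink /tmp/.notes.txt.swp
allow_create /tmp/my\040file
allow_rename /tmp/a.tmp /home/demo/a.txt
"""

def decode_path(word):
    """Undo the assumed \\ooo octal and \\\\ escapes used in policy pathnames."""
    return re.sub(r"\\(\\|[0-7]{3})",
                  lambda m: "\\" if m.group(1) == "\\" else chr(int(m.group(1), 8)), word)

def parse_domain_policy(text):
    """Return {domain line: [(operation, [pathnames]), ...]}."""
    domains, current = defaultdict(list), None
    for line in text.splitlines():
        words = line.split()
        if words and words[0] == "<kernel>":
            current = " ".join(words)
            domains[current]          # keep domains that have no entries yet
        elif current and words and words[0].startswith("allow_"):
            domains[current].append((words[0][len("allow_"):], [decode_path(w) for w in words[1:]]))
    return dict(domains)

def accesses_under(policy, directory, ops=None):
    """Sorted (program, operation, pathname) entries below `directory`."""
    prefix, hits = directory.rstrip("/") + "/", set()
    for domain, entries in policy.items():
        program = domain.split(" ")[-1]   # last program in the domain's execution history
        for op, paths in entries:
            if ops is None or op in ops:
                hits.update((program, op, p) for p in paths if p.startswith(prefix))
    return sorted(hits)

if __name__ == "__main__":
    # On a traced system, read /etc/ccs/domain_policy.conf instead of the sample.
    for hit in accesses_under(parse_domain_policy(SAMPLE_POLICY), "/tmp", {"create"}):
        print(*hit)
```

Matching is by plain directory prefix, so entries whose pathnames contain policy wildcards are compared literally.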