Info: Version 1.6.x is available.
Last modified: 2011-11-20 09:56:56 +0900 (Sun, 20 Nov 2011)
Because TOMOYO Linux policy is expressed in terms of pathnames, TOMOYO Linux can be used to trace file accesses.
You can use TOMOYO Linux to find out how programs access files, or which program is creating files in specific directories.
To compile the kernel, see TOMOYO Linux kernel compilation.
If you are using a distribution that supports SELinux, you might encounter errors while installing packages if SELinux is not disabled. If you see the error messages shown below while installing packages, retry after you disable SELinux. You can disable SELinux either by setting SELINUX=disabled in /etc/selinux/config and rebooting, or by adding selinux=0 to the kernel's boot parameters.
    [root@localhost ~]# rpm -ihv kernel-smp-2.6.9-78.0.8.EL_tomoyo_1.5.4.i586.rpm
    Preparing... ########################################### [100%]
    Error: %pre(kernel-2.6.9-78.0.8.EL_tomoyo_1.5.4.i586) scriptlet failed, exit status 255
    Error: install: %pre scriptlet failed (2), skipping kernel-2.6.9-78.0.8.EL_tomoyo_1.5.4
TOMOYO Linux itself can coexist with SELinux. You may continue with SELinux enabled if you want.
To compile the tools, run the following commands.

    # Download source of tools for TOMOYO Linux.
    wget -O ccs-tools-1.5.5-20090401.tar.gz 'http://sourceforge.jp/frs/redir.php?m=jaist&f=/tomoyo/27220/ccs-tools-1.5.5-20090401.tar.gz'
    # Extract.
    tar -zxf ccs-tools-1.5.5-20090401.tar.gz
    # Compile.
    make -C ccstools/ all install
Create /etc/ccs/profile.conf with the following contents.
    MAC_FOR_FILE=1
    MAX_ACCEPT_ENTRY=1048576
    MAX_GRANT_LOG=0
    MAX_REJECT_LOG=0
    TOMOYO_VERBOSE=0
Run the following command.
    /usr/lib/ccs/init_policy.sh
Reboot with the TOMOYO Linux kernel.
Run the applications you want to analyze.
You can see the list of programs executed so far by running /usr/lib/ccs/editpolicy. Choose a program and press "Enter" to see the list of files accessed by that program. See How to use Policy Editor for usage of the policy editor.
You can save the list of all files accessed so far as /etc/ccs/domain_policy.conf by running /usr/lib/ccs/savepolicy.
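Once savepolicy has written /etc/ccs/domain_policy.conf, the question of which program creates files in a given directory can be answered by parsing that file. The following is an added example, not part of the original page or the TOMOYO Linux tools; the sample policy is constructed, and the entry syntax it parses (`<kernel>` domain headers, numeric 1-7 masks, `allow_*` keywords) and the function names are assumptions.

```python
# Added example, not from the TOMOYO Linux project.
# ASSUMPTION: the entry syntax below ("<kernel> ..." domain headers, numeric
# 1-7 open/execute masks, allow_* keywords) is not shown on the page.

# Constructed sample standing in for /etc/ccs/domain_policy.conf.
SAMPLE_POLICY = """\
<kernel> /usr/sbin/sshd /bin/bash /usr/bin/vi
use_profile 0
4 /etc/passwd
6 /home/demo/notes.txt
allow_create /home/demo/.notes.txt.swp
allow_unlink /home/demo/.notes.txt.swp

<kernel> /usr/sbin/httpd
use_profile 0
4 /var/www/html/index.html
allow_create /tmp/upload_a1
"""

BITS = ((4, "read"), (2, "write"), (1, "execute"))

def parse_policy(text):
    """Return {domain name: [(operation, pathname), ...]}."""
    domains, current = {}, None
    for line in text.splitlines():
        fields = line.split()
        if fields[:1] == ["<kernel>"]:        # domain header = execution history
            current = domains.setdefault(" ".join(fields), [])
        elif current is None or len(fields) < 2:
            continue                          # blank line or line outside a domain
        elif fields[0].isdigit():             # mask: 4=read, 2=write, 1=execute
            current += [(n, fields[1]) for b, n in BITS if int(fields[0]) & b]
        elif fields[0].startswith("allow_"):  # allow_create, allow_unlink, ...
            current.append((fields[0][6:], fields[1]))
    return domains

def who_creates_in(policy, directory):
    """Map program (last element of the domain name) to files it created under directory."""
    prefix = directory.rstrip("/") + "/"
    hits = {}
    for domain, entries in policy.items():
        for op, path in entries:
            if op == "create" and path.startswith(prefix):
                hits.setdefault(domain.split()[-1], []).append(path)
    return hits

if __name__ == "__main__":
    for program, paths in who_creates_in(parse_policy(SAMPLE_POLICY), "/tmp").items():
        print(program, "created", paths)
```

Lines such as use_profile that are neither a mask nor an allow_* entry are skipped, and the full domain name is kept as the dictionary key so the execution history that led to each access remains visible.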