Tetsuo Handa
from-****@I-lov*****
Tue Dec 21 21:36:47 JST 2010
Tetsuo Handa wrote: > And I'm going to remove the 'a' option from ccs-loadpolicy command tomorrow > because the 'a' option was removed from ccs-savepolicy command. I removed the 'a' option from ccs-loadpolicy command and modified programs to use /proc/ccs/stat rather than /proc/ccs/meminfo . /proc/ccs/meminfo contains statistics information regarding only memory usage. /proc/ccs/stat contains statistics information regarding not only memory usage but also events for policy updates and policy violations. More information will be added in the future. [root ¡÷ tomoyo ~]# cat /proc/ccs/meminfo Policy: 293920 Audit logs: 0 (Quota: 16777216) Query lists: 0 (Quota: 1048576) Total: 293920 [root ¡÷ tomoyo ~]# cat /proc/ccs/stat Policy update: 5070 (Last: 2010/12/20 12:12:06) Policy violation in learning mode: 2040 (Last: 2010/12/20 12:12:06) Policy violation in permissive mode: 0 Policy violation in enforcing mode: 0 Memory used by policy: 293824 Memory used by audit log: 0 (Quota: 16777216) Memory used by query message: 0 (Quota: 1048576) Total memory used: 293824 In 1.8.0, I suppressed printk() messages when policy violation events occurred, for it is very noisy. Instead, I embedded a counter into /proc/ccs/stat for counting number of policy violation events and timestamp of last event so that users can easily check whether there has been policy violation events or not. If you have troubles with these changes (revision 4218), please let me know. I'll start taking screenshots and updating documentations. Thanks.
TOMOYO
Fork