A discussion about TOMOYO Linux's access logs was held in tomoyo-dev-en ML. Although I feel sorry for making incompatible changes after releasing 1.8.0, I changed some specifications for improving usability.

http://sourceforge.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.0-20101231.tar.gz
http://sourceforge.jp/frs/redir.php?f=/tomoyo/49684/ccs-patch-1.8.0-20101231.tar.gz.asc
http://sourceforge.jp/frs/redir.php?f=/tomoyo/49693/ccs-tools-1.8.0-20101231.tar.gz
http://sourceforge.jp/frs/redir.php?f=/tomoyo/49693/ccs-tools-1.8.0-20101231.tar.gz.asc

About changes in ccs-patch package:

I merged /proc/ccs/grant_log and /proc/ccs/reject_log (interfaces for reading audit logs) into /proc/ccs/audit and added granted=yes or granted=no to audit log's header line.

I renamed max_grant_log= and max_reject_log= parameters in /proc/ccs/profile to max_audit_log= parameter.

I added patches for supporting Linux 2.6.38.

About changes in ccs-tools package:

Policy file's location has moved from /etc/ccs/ directory to /etc/ccs/policy/YY-MM-DD.hh:mm:ss/ directory. A symlink /etc/ccs/policy/current which points to the latest policy files and a symlink /etc/ccs/policy/previous which points to the previous policy files are created so that you can switch policy files by manipulating only one symlink. For compatibility, symlinks named domain_policy.conf exception_policy.conf profile.conf manager.conf which point to corresponding files in /etc/ccs/policy/current/ directory are provided in /etc/ccs/ directory.

Configuration files for ccs-tools packages have moved from /usr/lib/ccs/ccstools.conf to /etc/ccs/tools/ directory. Currently, 4 files (editpolicy.conf auditd.conf patternize.conf notifyd.conf) are created in that directory. Note that supported command line options have changed because many of the command line parameters have moved to configuration files.

About changes in /usr/sbin/ccs-patternize

In TOMOYO 1.8, I removed file_pattern keyword from ccs-patch package.
This is because we can process it from userland and doing it in userland allows us more flexible processing. By specification changes in this update, you can apply patternization against (e.g.) only specific domains and specific directives. See /etc/ccs/tools/patternize.conf for syntax.

About changes in /usr/sbin/ccs-auditd

Until now, ccs-auditd did not have filtering capability. Therefore, we had to once save all audit logs in a single file and pick up from the file. By specification changes in this update, ccs-auditd can do "fgrep"-like filtering against audit log's header line, domainname line, ACL line. Therefore, you can now split files based on (e.g.) profile numbers and domainnames. See /etc/ccs/tools/auditd.conf for syntax.

Note that ccs-auditd now reads audit logs from /proc/ccs/audit interface. Thus, you need to use updated ccs-patch for using updated ccs-auditd.

About changes in /usr/sbin/ccs-editpolicy

The configuration file for ccs-editpolicy has moved from /usr/lib/ccs/ccstools.conf to /etc/ccs/tools/editpolicy.conf.

ccs-editpolicy now uses /proc/ccs/stat (interface for reading both memory usage and policy violation statistics) rather than /proc/ccs/meminfo (interface for reading only memory usage).

About changes in /usr/sbin/ccs-diffpolicy

This is a utility for applying "diff" against domain policy. You can use this utility for finding how ccs-patternize has patternized pathnames.

About changes in /usr/sbin/ccs-savepolicy

With the introduction of /etc/ccs/policy/YY-MM-DD.hh:mm:ss/ directory, I changed ccs-savepolicy to always save 4 types of policy files (i.e. domain_policy.conf exception_policy.conf manager.conf profile.conf) so that each directory holds complete snapshots.

About changes in /usr/sbin/ccs-loadpolicy

To simplify command line syntax, I changed ccs-loadpolicy to always read policy from standard input. This means that you can no longer load multiple types of policy files with a single execution.

About changes in /usr/sbin/ccs-notifyd

ccs-notifyd now runs as a daemon program. This means that you no longer need to start this program periodically from /etc/crontab. This program has moved from /usr/lib/ccs/ directory to /usr/sbin/ directory. See /etc/ccs/tools/notifyd.conf for syntax.

About changes in /usr/lib/ccs/init_policy

Create initial policy under /etc/ccs/policy/YY-MM-DD.hh:mm:ss/ directory.

Create initial userland configuration used by programs in ccs-tools package under /etc/ccs/tools/ directory.

Reserve ANY_PATHNAME which matches arbitrary pathnames, ANY_DIRECTORY which matches arbitrary directories, and COMMON_IOCTL_CMDS which matches 0x5401 (which is an IOCTL's command number commonly used) groups.

About changes in /usr/lib/ccs/convert-audit-log

I fixed "use_group " line handling error.

The discussion on specification for ccs-patternize is still in progress. Feedback (e.g. what syntax should be supported) and bug reports are welcome.

P.S. AKARI 1.0.6 (based on ccs-patch-1.8.0-20101231.tar.gz) is also available.

http://sourceforge.jp/frs/redir.php?f=/akari/49272/akari-1.0.6-20101231.tar.gz
http://sourceforge.jp/frs/redir.php?f=/akari/49272/akari-1.0.6-20101231.tar.gz.asc
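
The "fgrep"-like filtering on the header line, domainname line and ACL line described in the ccs-auditd section can be sketched as follows. This is an added example, not code from ccs-tools. The rule tuples are a hypothetical representation and not the auditd.conf syntax, and the log records are constructed and simplified.

```python
# Constructed, simplified sample (not real logs): header line with
# granted=yes/no, then a domainname line, then an ACL line per record.
SAMPLE = """\
#2010/12/31 10:00:01# profile=1 mode=learning granted=yes (global-pid=3720)
<kernel> /usr/sbin/sshd
file read /etc/passwd
#2010/12/31 10:00:05# profile=3 mode=enforcing granted=no (global-pid=4012)
<kernel> /usr/sbin/httpd /bin/sh
file execute /usr/bin/wget
#2010/12/31 10:00:06# profile=3 mode=enforcing granted=no (global-pid=4013)
#2010/12/31 10:00:07# profile=10 mode=permissive granted=no (global-pid=1)
<kernel> /sbin/init
file read /etc/hosts
#2010/12/31 10:00:09# profile=3 mode=enforcing granted=yes (global-pid=4012)
<kernel> /usr/sbin/httpd
file read /var/www/html/index.html
"""

# Hypothetical rules: (destination, header, domain, ACL needles); None = any,
# first match wins. Padded " profile=1 " avoids also matching profile=10.
RULES = [
    ("denied-httpd.log", "granted=no", "/usr/sbin/httpd", None),
    ("profile1.log", " profile=1 ", None, None),
    ("denied-other.log", "granted=no", None, None),
]

def parse_records(text):
    """Group lines into (header, domain, acl); skip truncated records."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    records, i = [], 0
    while i < len(lines):
        chunk = lines[i:i + 3]
        if [ln.startswith("#") for ln in chunk] == [True, False, False]:
            records.append(tuple(chunk))
            i += 3
        else:
            i += 1  # resynchronise on the next header line
    return records

def route(records, rules):
    """Return {destination: [records]} using fixed-string matching per line."""
    out = {}
    for rec in records:
        for dest, *needles in rules:
            if all(n is None or n in line for n, line in zip(needles, rec)):
                out.setdefault(dest, []).append(rec)
                break
    return out
```

Calling route(parse_records(SAMPLE), RULES) sends the denied httpd child-domain access to its own destination, drops the granted profile=3 record that no rule selects, and skips the header that arrived without its domainname and ACL lines.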