This page is for TOMOYO 2.2 (for Linux 2.6.30 - 2.6.35 kernels). Please jump to this page for TOMOYO 2.3 (for Linux 2.6.36 and later kernels).
Last modified: $Date: 2015-08-31 22:19:51 +0900 (Mon, 31 Aug 2015) $
This page describes how to install TOMOYO Linux's kernel and userland tools.
TOMOYO Linux 2.2.x is integrated with the upstream kernel source, but is only enabled when certain kernel configuration options are set. You can determine if your kernel has TOMOYO Linux enabled by running the following command:
$ grep tomoyo_io_printf /proc/kallsyms|
ffffffff8115e460 T tomoyo_io_printf
If you found a line containing tomoyo_io_printf in "/proc/kallsyms", proceed to Update bootloader configuration because your kernel was built with TOMOYO Linux.
If you are using CentOS 6, you don't need to compile kernel because you can install TOMOYO Linux enabled binary kernels from CentOS+ repository. To install, change from enabled=0 to enabled=1 in the [centosplus] section of /etc/yum.repos.d/CentOS-Base.repo and run "yum update". Then, proceed to Update bootloader configuration.
If not, then your kernel was not built with TOMOYO Linux and you should follow the steps below.
If you wish to obtain the most functionality out of TOMOYO Linux, then you may wish to use either the 1.x branch (which requires you to build your own kernel), or AKARI (which is a module and does not require you to build your own kernel). AKARI module currently provides more functionality than the 2.x branch, but is missing a small number of features that the 1.x branch provides. It is easy to use with any kernel from Linux 2.6.0 and later, depending on how the kernel has been configured and the CPU architecture. This chart provides a detailed comparison between AKARI and both the 1.x and 2.x branches. If you would prefer to use this module, please visit the AKARI website.
If you are planning to compile 2.6.33 and later kernels but have no reason not to use TOMOYO 2.5, use of TOMOYO 2.5 is recommended. TOMOYO 2.5 is more powerful and user friendly.
To compile kernel, the following packages are needed.
Download source code from "linux-220.127.116.11.tar.bz2" and extract it.
There may be bugfixes that are too late to get merged in the upstream kernel releases. Download all patches that match your kernel version (e.g. 2.6.35-tomoyo-\*.patch for 2.6.35 kernels) from http://tomoyo.osdn.jp/2.2/patches/ and run below command from the kernel's top directory. (Below command will skip already applied patch if any.)
|[user@tomoyo ~]$ for i in 2.6.*-tomoyo-*.patch; do patch -Nt -p1 --dry-run < $i && patch -p1 < $i; done|
Next, create a kernel config with TOMOYO Linux enabled.
|[user@tomoyo ~]$ make -s menuconfig|
Go to "Security options" screen and select "Enable different security models" and "TOMOYO Linux Support".
[ ] Enable access key retention support [*] Enable different security models -*- Enable the securityfs filesystem [ ] Socket and Networking Security Hooks -*- Security hooks for pathname based access control [ ] File POSIX Capabilities (0) Low address space to protect from user allocation [*] TOMOYO Linux Support
After creating a kernel config, compile the kernel.
[user@tomoyo ~]$ make -s|
[user@tomoyo ~]$ su
[root@tomoyo ~]# make -s modules_install install
Create initrd if you need.
Now edit your bootloader (e.g. GRUB) to include the kernel you have just compiled. If your kernel config does not contain "CONFIG_DEFAULT_SECURITY_TOMOYO=y", then edit your bootloader to include "security=tomoyo" in the kernel boot options. Depending on your distribution, the bootloader configuration file will probably be one of "/boot/grub/grub.conf" or "/boot/grub/menu.lst" (for GRUB version 1) or "/boot/grub/grub.cfg" or "/boot/grub2/grub.cfg" (for GRUB version 2). Consult your distribution documentation for information on how to configure the bootloader.
To compile tool, run the following commands.
[root@tomoyo ~]# wget -O tomoyo-tools-2.2.0-20120414.tar.gz 'http://osdn.jp/frs/redir.php?m=jaist&f=/tomoyo/41908/tomoyo-tools-2.2.0-20120414.tar.gz'|
[root@tomoyo ~]# tar -zxf tomoyo-tools-2.2.0-20120414.tar.gz
[root@tomoyo ~]# make -C tomoyo-tools/ install
Return to index page.