Info: Version 1.4.x is available.

TOMOYO Linux Project

Last modified: $Date: 2019-02-04 23:02:53 +0900 (Mon, 04 Feb 2019) $



1. Overview of TOMOYO Linux

TOMOYO Linux is an extension for Linux to provide Mandatory Access Control(MAC) functions. TOMOYO Linux is provided in the form of patches to the Linux vanilla kernels and utilities for policy management. By introducing TOMOYO Linux, you can use the following functions selectively.

Function Description
MAC for files Control read/write/execute for files and create/delete directories.
MAC for capabilities Control use of specific system calls.
MAC for IP addresses and ports Control IP addresses and ports for TCP and UDP and RAW sockets.
MAC for signal Control signal numbers and target processes.
Mount protection Restrict mount parameters.
Chroot protection Restrict directories that allow to chroot to.
Unmount protection Reject unmount requests for specified directories.
Hide-Mount protection Reject mount requests that hides an existing mount.
Pivot_root protection Restrict directories that can be exchanged.
Port-Assignment protection Forbid selecting specific local port number when automatic local port binding happens.
Tamper-Proof /dev filesystem A /dev filesystem that ensures device files and their attributes.
This filesystem can be used standalone, but is also useful when root fs is read-only.

2. Overview TOMOYO Linux's policy

About domain

In TOMOYO Linux, the extended kernel manages domains automatically. Therefore, administrators needn't to define domains like SELinux.
The name of a domain is a concatenated string expression for the process execution history. The name of a domain oriented from <kernel> .
For example, the name of domain which the kernel belongs to is "<kernel>", the name of domain which /sbin/init invoked by the kernel belongs to is "<kernel> /sbin/init", the name of domain which /etc/rc.d/rc invoked by the /sbin/init belongs to is "<kernel> /sbin/init /etc/rc.d/rc".

About security labels.

TOMOYO Linux provides MACs using filenames. Therefore, administrators needn't to define security labels like SELinux. Also, administrators needn't to update database like LIDS when the i-node of a file changes.

About users and roles

TOMOYO Linux doesn't have the concept of "users" nor "roles"(RBAC). But by using domains, administrators can delegate a part of their administration tasks.

About default policy

TOMOYO Linux doesn't have default policy files distributed with softwares. Administrators need to create policy files using "learning mode".
The example policies are available to help your understanding. You may use these examples as a guide, but you MUST NOT use these examples as default policies.

3. Supported Platforms

TOMOYO Linux is implemented as patches to Linux vanilla kernels (2.4.30 and later / 2.6.11 and later) and some of distributor's kernels. The following distributions are reported to work.

4. Manuals

TOMOYO Linux Install manual

TOMOYO Linux Maintenance manual

Tools Documentation

Policy Editor

Access Analysis using TOMOYO Linux

Policy Specifications of TOMOYO Linux

Policy Specifications of SYAORAN filesystem

5. FAQ


Policy Management


6. Reference

[TextCounter Fatal Error: Could Not Write to File _en_1_4_1_index_html]