Info: Version 1.7.x is available.
Last modified: $Date: 2019-02-04 23:02:53 +0900 (Mon, 04 Feb 2019) $
TOMOYO Linux is an extension for Linux to provide Mandatory Access Control(MAC) functions. TOMOYO Linux is provided in the form of patches to the Linux vanilla kernels and utilities for policy management. By introducing TOMOYO Linux, you can use the following functions selectively.
| Function | Description |
|---|---|
| MAC for files | Control read/write/execute for files and create/delete directories. |
| MAC for capabilities | Control use of specific system calls. |
| MAC for environment variable names | Control use of specific environment variable names. |
| MAC for IP addresses and ports | Control IP addresses and ports for TCP and UDP and RAW sockets. |
| MAC for signal | Control signal numbers and target processes. |
| Mount protection | Restrict mount parameters. |
| Chroot protection | Restrict directories that allow to chroot to. |
| Unmount protection | Reject unmount requests for specified directories. |
| Hide-Mount protection | Reject mount requests that hides an existing mount. |
| Pivot_root protection | Restrict directories that can be exchanged. |
| Port-Assignment protection | Forbid selecting specific local port number when automatic local port binding happens. |
| Tamper-Proof /dev filesystem | A /dev filesystem that ensures device files and their attributes. This filesystem can be used standalone, but is also useful when root fs is read-only. |
In TOMOYO Linux, the extended kernel manages domains automatically. Therefore, administrators needn't to define domains like SELinux.
The name of a domain is a concatenated string expression for the process execution history. The name of a domain oriented from <kernel> .
For example, the name of domain which the kernel belongs to is "<kernel>", the name of domain which /sbin/init invoked by the kernel belongs to is "<kernel> /sbin/init", the name of domain which /etc/rc.d/rc invoked by the /sbin/init belongs to is "<kernel> /sbin/init /etc/rc.d/rc".
TOMOYO Linux provides MACs using filenames. Therefore, administrators needn't to define security labels like SELinux. Also, administrators needn't to update database like LIDS when the i-node of a file changes.
TOMOYO Linux doesn't have the concept of "users" nor "roles"(RBAC). But by using domains, administrators can delegate a part of their administration tasks.
TOMOYO Linux doesn't have default policy files distributed with softwares. Administrators need to create policy files using "learning mode".
The example policies are available to help your understanding. You may use these examples as a guide, but you MUST NOT use these examples as default policies.
TOMOYO Linux is implemented as patches to Linux vanilla kernels (2.4.37 and 2.6.27 to 2.6.31) and some of distributor's kernels. Patches for the following distributions' latest kernels are available.