Welcome to the TOMOYO Linux Wiki! This is the worldwide Wiki site of TOMOYO Linux. The Japanese Wiki is here.

About TOMOYO Linux

What is TOMOYO Linux?

TOMOYO Linux is a MAC (Mandatory Access Control) implementation for Linux. It was developed by NTT DATA CORPORATION, Japan and is available under the GPL license. There are two series of TOMOYO Linux.

TOMOYO Linux version 2.x (LSM version)

The LSM (Linux Security Modules) version, currently supporting MAC for files only. It was merged into Linux kernel version 2.6.30.

TOMOYO Linux version 1.x (original hooks version)

Version 1.x is a full-featured version of MAC. Since version 1.x does not depend on LSM, it can be used with Linux kernel 2.6 (starting from version 2.6.11) as well as 2.4.

Policy Learning Mode

TOMOYO Linux has a special mode called "learning" mode. In learning mode, TOMOYO Linux analyzes the accesses that occur in the kernel and stores them as MAC policy.

More information here


It's a lot easier to try.


English mailing-list

TOMOYO Linux at SourceForge.jp

SourceForge.jp: Project Info - TOMOYO


TOMOYO Linux had a BoF session at OLS2007.


TOMOYO Linux had a presentation and a tutorial session at ELC2007. Presentation materials are available here.

TomoyoLinux - CE Linux Public

TOMOYO Linux 2.x (TOMOYO Linux LSM)


  • Using LSM hooks.
  • Available in linux-2.6.30 and later.
  • Only the functionalities provided by LSM hooks (check here)
  • pathname based.
  • Policy learning mode.


TOMOYO Linux 1.x


Ready-to-go, powerful (at least we think so) TOMOYO Linux. The latest version is 1.8.1.

  • MAC performed by using purposely created hooks.
  • 2.4 and 2.6 kernel support.
  • Full MAC functionalities included (listed here).
  • Pathname based.
  • Packages available for a number of distributions.
  • Policy learning mode.
  • Can coexist without friction with SELinux and AppArmor.


Reference Manual

Compatibility note

Kernel versions

Patches available for vanilla kernel 2.6 (from 2.6.11 to the latest one) and 2.4 (several versions).

Supported distributions (some binary packages available):

  • Fedora 11/12/13/14
  • CentOS 3.9/4.9/5.6 (CentOS 5.6 LiveCD)
  • Debian Etch/Lenny
  • OpenSUSE 11.0/11.1/11.2/11.3/11.4
  • Asianux 2.0/3.0
  • Ubuntu 6.06/8.04/8.10/9.04/9.10/10.04/10.10/11.04 (Ubuntu 10.04 LiveCD)
  • Vine Linux 4.2/5.2

Comparison of 1.x and 2.x

A more detailed comparison is available at http://tomoyo.sourceforge.jp/comparison.html

|  |  | TOMOYO Linux 1.8.1 | TOMOYO Linux 2.3.0 |
|---|---|---|---|
| functionality | domain division | process execution history | process execution history |
| manageable resource | file | o | o |
|  | environment variables | o | x |
|  | local port reservation | o | x |
| applicable kernel |  | 2.4.30 and later, 2.6.11 and later | 2.6.36 and later |
| implementation | domain information storage | append an original member to task_struct or use external hash list | use task_struct->cred->security |
|  | hooks in system calls | insert original hooks into system calls | use LSM hooks |
| logging |  | /proc/ccs interface | x |

Browse the Code


Learning Wiki

About PukiWiki

Document (Japanese)


Last-modified: 2011-04-24 (Sun) 11:06:49 (3154d)