Welcome to TOMOYO Linux Wiki!! This is the worldwide Wiki site of TOMOYO Linux. Japanese Wiki is here.

About TOMOYO Linux

What is TOMOYO Linux?

TOMOYO Linux is a MAC (Mandatory Access Control) implementation for Linux. It was developed by NTT DATA CORPORATION, Japan and is available under the GPL license. There are two series of TOMOYO Linux.

TOMOYO Linux version 2.x (LSM version)

The LSM (Linux Security Modules) version, currently supporting MAC for files only. It was merged into Linux kernel version 2.6.30.

TOMOYO Linux version 1.x (original hooks version)

Version 1.x is a full-featured version of MAC. Since version 1.x does not depend on LSM, it can be used with Linux kernel 2.6 (starting from version 2.6.11) as well as 2.4.

Policy Learning Mode

TOMOYO Linux has a special mode called "learning" mode. In learning mode, TOMOYO Linux analyzes the accesses that occur in the kernel and stores them as MAC policy.

More information here

TOMOYO Linux Q&A

It's a lot easier to try.

TOMOYO Linux LiveCD

English mailing-list

TOMOYO Linux at SourceForge.jp

SourceForge.jp: Project Info - TOMOYO

BoF

TOMOYO Linux had a BoF session at OLS2007.


TOMOYO Linux had a presentation and a tutorial session at ELC2007. Presentation materials are available here.

TomoyoLinux - CE Linux Public

TOMOYO Linux 2.x (TOMOYO Linux LSM)

Overview

  • Using LSM hooks.
  • Available in linux-2.6.30 and later.
  • Only the functionalities provided by LSM hooks (check here)
  • pathname based.
  • Policy learning mode.

Documentation

TOMOYO Linux 1.x

Overview

The ready-to-go, powerful (at least we think so) TOMOYO Linux. The latest version is 1.8.1.

  • MAC performed by using purposely created hooks.
  • 2.4 and 2.6 kernel support.
  • full MAC functionalities included (listed here)
  • pathname based.
  • Packages available for a number of distributions.
  • Policy learning mode.
  • can coexist without friction with SELinux and AppArmor.

Documentation

Reference Manual

Compatibility note

Kernel versions

Patches available for vanilla kernel 2.6 (from 2.6.11 to the latest one) and 2.4 (several versions).

Supported distributions (some binary packages available):

  • Fedora 11/12/13/14
  • CentOS 3.9/4.9/5.6 (CentOS 5.6 LiveCD)
  • Debian Etch/Lenny
  • OpenSUSE 11.0/11.1/11.2/11.3/11.4
  • Asianux 2.0/3.0
  • Ubuntu 6.06/8.04/8.10/9.04/9.10/10.04/10.10/11.04 (Ubuntu 10.04 LiveCD)
  • Vine Linux 4.2/5.2

Comparison of 1.x and 2.x

More detailed comparison is at http://tomoyo.sourceforge.jp/comparison.html .

| Item | TOMOYO Linux 1.8.1 | TOMOYO Linux 2.3.0 |
|---|---|---|
| functionality / domain division | process execution history | process execution history |
| manageable resource / file | o | o |
| capability | o | x |
| network | o | x |
| signal | o | x |
| environment variables | o | x |
| local port reservation | o | x |
| applicable kernel | 2.4.30 and later, 2.6.11 and later | 2.6.36 and later |
| implementation / domain information storage | append an original member to task_struct or use external hash list | use task_struct->cred->security |
| hooks in system calls | insert original hooks into system calls | use LSM hooks |
| logging | /proc/ccs interface | x |

Browse the Code

Papers

Learning Wiki

About PukiWiki

Document (Japanese)

Trademarks


Last-modified: 2011-04-24 (Sun) 11:06:49 (2282d)