
A security module for system analysis and protection

TOMOYO Linux is a Mandatory Access Control (MAC) implementation for Linux that can be used to increase the security of a system, while also being useful purely as a system analysis tool. It was launched in March 2003 and was sponsored by NTT DATA Corporation, Japan until March 2012.

TOMOYO Linux focuses on the behaviour of a system. Every process is created to achieve a purpose, and like an immigration officer, TOMOYO Linux allows each process to declare the behaviours and resources needed to achieve its purpose. When protection is enabled, TOMOYO Linux acts like an operation watchdog, restricting each process to only the behaviours and resources allowed by the administrator.

The main features of TOMOYO Linux include:

  • System analysis
  • Increased security through Mandatory Access Control
  • Tools to aid in policy generation
  • Simple syntax
  • Easy to use
  • Very few dependencies
  • Requires no modification of existing binaries

Find out more on our About Page, and experience TOMOYO Linux in only 10 minutes with these short tutorial videos!

News (archive)


5th May, 2020

ccs-patch 1.8.7 and ccs-tools 1.8.7 released

An updated ccs-patch / ccs-tools for the 1.8.x branch loosened the validity check of domainname and pathname.


1st January, 2020

ccs-tools 1.8.6 and tomoyo-tools 2.6.0p1 released

An updated ccs-tools for the 1.8.x branch and tomoyo-tools for the 2.5.x branch followed the change to the pathname calculation rule.


25th December, 2019

ccs-patch 1.8.6p1 released

An updated ccs-patch for the 1.8.x branch changed the pathname calculation rule.


20th August, 2019

ccs-patch 1.8.6 released

An updated ccs-patch for the 1.8.x branch changed the pathname calculation rule and fixed two bugs.


1st April, 2018

ccs-patch 1.8.5p2 released

An updated ccs-patch for the 1.8.x branch fixed a theoretical lockup bug in initialization.


20th February, 2017

ccs-patch 1.8.5p1 released

An updated ccs-patch for the 1.8.x branch fixed a theoretical lockup bug in the garbage collector.