======
TOMOYO
======

What is TOMOYO?
===============

TOMOYO is a name-based MAC extension (LSM module) for the Linux kernel.

LiveCD-based tutorials are available at

http://tomoyo.sourceforge.jp/1.8/ubuntu12.04-live.html
http://tomoyo.sourceforge.jp/1.8/centos6-live.html

Though these tutorials use the non-LSM version of TOMOYO, they are useful for
understanding what TOMOYO is.

How to enable TOMOYO?
=====================

Build the kernel with ``CONFIG_SECURITY_TOMOYO=y`` and pass ``security=tomoyo`` on
the kernel's command line.

Please see http://tomoyo.osdn.jp/2.5/ for details.

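A way to verify both steps above on a booted machine, as an added example that is not part of the TOMOYO documentation. The function names are hypothetical; ``/sys/kernel/security/lsm`` (the active LSM list, which needs securityfs mounted) and the ``/boot/config-$(uname -r)`` config location are not mentioned on this page and are assumptions about the system being checked.

```shell
#!/bin/sh
# Added example, not from the TOMOYO documentation. Function names are hypothetical.

# 0 if the kernel config file $1 contains the line CONFIG_SECURITY_TOMOYO=y.
# A "# CONFIG_SECURITY_TOMOYO is not set" line does not match.
tomoyo_built_in() {
    grep -qx 'CONFIG_SECURITY_TOMOYO=y' "$1"
}

# 0 if the command line string $1 selects TOMOYO with a security= token.
# Whole-token match: "security=tomoyo2" and "xsecurity=tomoyo" do not count.
# If security= appears more than once the last occurrence is checked
# (assumption: that is the one the kernel honours).
tomoyo_on_cmdline() {
    last=
    set -f                      # no glob expansion while word-splitting $1
    for tok in $1; do
        case $tok in security=*) last=${tok#security=} ;; esac
    done
    set +f
    [ "$last" = tomoyo ]
}

# 0 if the comma-separated LSM list $1 contains tomoyo.
tomoyo_active() {
    case ",$1," in *,tomoyo,*) return 0 ;; esac
    return 1
}

# $1 = kernel config file, $2 = command line file, $3 = active LSM list file.
# On a live system (paths are assumptions, see the lead-in):
#   tomoyo_report "/boot/config-$(uname -r)" /proc/cmdline /sys/kernel/security/lsm
tomoyo_report() {
    rc=0
    tomoyo_built_in "$1" || { echo "kernel not built with CONFIG_SECURITY_TOMOYO=y"; rc=1; }
    tomoyo_on_cmdline "$(cat "$2")" || { echo "security=tomoyo not on the command line"; rc=1; }
    tomoyo_active "$(cat "$3")" || { echo "tomoyo not in the active LSM list"; rc=1; }
    [ "$rc" -eq 0 ] && echo "TOMOYO enabled"
    return "$rc"
}

# Constructed sample input (not captured from a real machine).
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro security=tomoyo quiet'
tomoyo_on_cmdline "$SAMPLE_CMDLINE" && echo "sample command line selects TOMOYO"
```

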
Where is documentation?
=======================

User <-> Kernel interface documentation is available at
http://tomoyo.osdn.jp/2.5/policy-specification/index.html .

Materials we prepared for seminars and symposiums are available at
http://osdn.jp/projects/tomoyo/docs/?category_id=532&language_id=1 .
The lists below are chosen from three aspects.

What is TOMOYO?
  TOMOYO Linux Overview
    http://osdn.jp/projects/tomoyo/docs/lca2009-takeda.pdf
  TOMOYO Linux: pragmatic and manageable security for Linux
    http://osdn.jp/projects/tomoyo/docs/freedomhectaipei-tomoyo.pdf
  TOMOYO Linux: A Practical Method to Understand and Protect Your Own Linux Box
    http://osdn.jp/projects/tomoyo/docs/PacSec2007-en-no-demo.pdf

What can TOMOYO do?
  Deep inside TOMOYO Linux
    http://osdn.jp/projects/tomoyo/docs/lca2009-kumaneko.pdf
  The role of "pathname based access control" in security.
    http://osdn.jp/projects/tomoyo/docs/lfj2008-bof.pdf

History of TOMOYO?
  Realities of Mainlining
    http://osdn.jp/projects/tomoyo/docs/lfj2008.pdf

What is the future plan?
========================

We believe that inode based security and name based security are complementary
and both should be used together. But unfortunately, so far, we cannot enable
multiple LSM modules at the same time. We feel sorry that you have to give up
SELinux/SMACK/AppArmor etc. when you want to use TOMOYO.

We hope that LSM becomes stackable in the future. Meanwhile, you can use the
non-LSM version of TOMOYO, available at http://tomoyo.osdn.jp/1.8/ .
The LSM version of TOMOYO is a subset of the non-LSM version of TOMOYO. We are
planning to port the non-LSM version's functionalities to the LSM version.