Based on kernel version 2.6.39.1. Page generated on 2011-06-03 13:47 EST.
1 --- What is TOMOYO? --- 2 3 TOMOYO is a name-based MAC extension (LSM module) for the Linux kernel. 4 5 LiveCD-based tutorials are available at 6 http://tomoyo.sourceforge.jp/1.7/1st-step/ubuntu10.04-live/ 7 http://tomoyo.sourceforge.jp/1.7/1st-step/centos5-live/ . 8 Though these tutorials use non-LSM version of TOMOYO, they are useful for you 9 to know what TOMOYO is. 10 11 --- How to enable TOMOYO? --- 12 13 Build the kernel with CONFIG_SECURITY_TOMOYO=y and pass "security=tomoyo" on 14 kernel's command line. 15 16 Please see http://tomoyo.sourceforge.jp/2.3/ for details. 17 18 --- Where is documentation? --- 19 20 User <-> Kernel interface documentation is available at 21 http://tomoyo.sourceforge.jp/2.3/policy-reference.html . 22 23 Materials we prepared for seminars and symposiums are available at 24 http://sourceforge.jp/projects/tomoyo/docs/?category_id=532&language_id=1 . 25 Below lists are chosen from three aspects. 26 27 What is TOMOYO? 28 TOMOYO Linux Overview 29 http://sourceforge.jp/projects/tomoyo/docs/lca2009-takeda.pdf 30 TOMOYO Linux: pragmatic and manageable security for Linux 31 http://sourceforge.jp/projects/tomoyo/docs/freedomhectaipei-tomoyo.pdf 32 TOMOYO Linux: A Practical Method to Understand and Protect Your Own Linux Box 33 http://sourceforge.jp/projects/tomoyo/docs/PacSec2007-en-no-demo.pdf 34 35 What can TOMOYO do? 36 Deep inside TOMOYO Linux 37 http://sourceforge.jp/projects/tomoyo/docs/lca2009-kumaneko.pdf 38 The role of "pathname based access control" in security. 39 http://sourceforge.jp/projects/tomoyo/docs/lfj2008-bof.pdf 40 41 History of TOMOYO? 42 Realities of Mainlining 43 http://sourceforge.jp/projects/tomoyo/docs/lfj2008.pdf 44 45 --- What is future plan? --- 46 47 We believe that inode based security and name based security are complementary 48 and both should be used together. But unfortunately, so far, we cannot enable 49 multiple LSM modules at the same time. We feel sorry that you have to give up 50 SELinux/SMACK/AppArmor etc. when you want to use TOMOYO. 51 52 We hope that LSM becomes stackable in future. Meanwhile, you can use non-LSM 53 version of TOMOYO, available at http://tomoyo.sourceforge.jp/1.7/ . 54 LSM version of TOMOYO is a subset of non-LSM version of TOMOYO. We are planning 55 to port non-LSM version's functionalities to LSM versions.