======
TOMOYO
======

What is TOMOYO?
===============

TOMOYO is a name-based MAC extension (LSM module) for the Linux kernel.

LiveCD-based tutorials are available at

http://tomoyo.sourceforge.jp/1.8/ubuntu12.04-live.html
http://tomoyo.sourceforge.jp/1.8/centos6-live.html

Though these tutorials use the non-LSM version of TOMOYO, they are useful for
learning what TOMOYO is.

How to enable TOMOYO?
=====================

Build the kernel with ``CONFIG_SECURITY_TOMOYO=y`` and pass ``security=tomoyo`` on
the kernel's command line.

Please see http://tomoyo.osdn.jp/2.5/ for details.
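A way to confirm that both settings took effect, as an added example that is not part of the TOMOYO documentation: the functions below check a kernel config file for ``CONFIG_SECURITY_TOMOYO=y``, a boot command line for ``security=tomoyo``, and a list of active LSMs. The function names are hypothetical; the paths ``/boot/config-$(uname -r)`` and ``/sys/kernel/security/lsm``, and the rule that the last ``security=`` argument is the effective one, are assumptions about the running system.

```shell
#!/bin/sh
# Added example, not from the TOMOYO project. Function names are hypothetical.

# 0 if the kernel config file $1 builds TOMOYO in (CONFIG_SECURITY_TOMOYO=y).
tomoyo_built_in() {
    grep -qx 'CONFIG_SECURITY_TOMOYO=y' "$1"
}

# 0 if the boot command line in file $1 selects TOMOYO. Arguments are split on
# whitespace so "xsecurity=tomoyo" does not match; assumption: when security=
# is given more than once, the last one is the one the kernel uses.
tomoyo_requested() {
    last=$(tr -s ' \t' '\n\n' < "$1" | sed -n 's/^security=//p' | tail -n 1)
    [ "$last" = "tomoyo" ]
}

# 0 if "tomoyo" is in the comma-separated list of active LSMs in file $1.
tomoyo_active() {
    tr ',' '\n' < "$1" | grep -qx 'tomoyo'
}

# Print one line per failed check; return 0 only if all three pass.
tomoyo_report() {   # usage: tomoyo_report CONFIG CMDLINE LSM_LIST
    rc=0
    tomoyo_built_in "$1"  || { echo "not built in: no CONFIG_SECURITY_TOMOYO=y in $1"; rc=1; }
    tomoyo_requested "$2" || { echo "not requested: no effective security=tomoyo in $2"; rc=1; }
    tomoyo_active "$3"    || { echo "not active: tomoyo missing from $3"; rc=1; }
    return "$rc"
}

# Check the running host only when asked to: sh tomoyo_check.sh --host
# Assumed locations: distro config under /boot, securityfs at /sys/kernel/security.
if [ "${1:-}" = "--host" ]; then
    tomoyo_report "/boot/config-$(uname -r)" /proc/cmdline /sys/kernel/security/lsm
fi
```

A kernel built with TOMOYO but booted without the parameter fails only the second and third checks, which separates a build problem from a bootloader problem.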

Where is documentation?
=======================

User <-> Kernel interface documentation is available at
http://tomoyo.osdn.jp/2.5/policy-specification/index.html .

Materials we prepared for seminars and symposiums are available at
http://osdn.jp/projects/tomoyo/docs/?category_id=532&language_id=1 .
The lists below are chosen from three aspects.

What is TOMOYO?
  TOMOYO Linux Overview
    http://osdn.jp/projects/tomoyo/docs/lca2009-takeda.pdf
  TOMOYO Linux: pragmatic and manageable security for Linux
    http://osdn.jp/projects/tomoyo/docs/freedomhectaipei-tomoyo.pdf
  TOMOYO Linux: A Practical Method to Understand and Protect Your Own Linux Box
    http://osdn.jp/projects/tomoyo/docs/PacSec2007-en-no-demo.pdf

What can TOMOYO do?
  Deep inside TOMOYO Linux
    http://osdn.jp/projects/tomoyo/docs/lca2009-kumaneko.pdf
  The role of "pathname based access control" in security.
    http://osdn.jp/projects/tomoyo/docs/lfj2008-bof.pdf

History of TOMOYO?
  Realities of Mainlining
    http://osdn.jp/projects/tomoyo/docs/lfj2008.pdf

What is the future plan?
========================

We believe that inode-based security and name-based security are complementary
and both should be used together. But unfortunately, so far, we cannot enable
multiple LSM modules at the same time. We feel sorry that you have to give up
SELinux/SMACK/AppArmor etc. when you want to use TOMOYO.

We hope that LSM becomes stackable in the future. Meanwhile, you can use the
non-LSM version of TOMOYO, available at http://tomoyo.osdn.jp/1.8/ .
The LSM version of TOMOYO is a subset of the non-LSM version of TOMOYO. We are
planning to port the non-LSM version's functionalities to the LSM version.