Tetsuo Handa | 17a7b7b | 2009-04-13 11:04:19 +0900
Tetsuo Handa | e6f6a4c | 2010-07-27 17:17:06 +0900

--- What is TOMOYO? ---

TOMOYO is a name-based MAC extension (LSM module) for the Linux kernel.

LiveCD-based tutorials are available at
http://tomoyo.sourceforge.jp/1.7/1st-step/ubuntu10.04-live/
http://tomoyo.sourceforge.jp/1.7/1st-step/centos5-live/ .
Though these tutorials use the non-LSM version of TOMOYO, they are useful for
understanding what TOMOYO is.

--- How to enable TOMOYO? ---

Build the kernel with CONFIG_SECURITY_TOMOYO=y and pass "security=tomoyo" on
the kernel's command line.

Please see http://tomoyo.sourceforge.jp/2.3/ for details.
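
The two enablement steps above can be verified with a small shell check. This is an added example, not part of the TOMOYO documentation or code; the function names and sample files are hypothetical, and it assumes that when security= appears more than once the last value applies.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not from the TOMOYO project.

# Succeeds if the kernel build config FILE sets CONFIG_SECURITY_TOMOYO=y.
# A "# CONFIG_SECURITY_TOMOYO is not set" line does not match.
config_has_tomoyo() {
    grep -qx 'CONFIG_SECURITY_TOMOYO=y' "$1"
}

# Prints the LSM requested by security= in the command-line FILE.
# Assumption: if security= is given more than once, the last value applies.
cmdline_lsm() {
    tr -s ' \t' '\n\n' < "$1" | sed -n 's/^security=//p' | tail -n 1
}

# Reports both enablement steps; returns 0 only if both are satisfied.
check_tomoyo() {
    rc=0
    if config_has_tomoyo "$1"; then
        echo "config : CONFIG_SECURITY_TOMOYO=y"
    else
        echo "config : TOMOYO not built in"; rc=1
    fi
    lsm=$(cmdline_lsm "$2")
    if [ "$lsm" = tomoyo ]; then
        echo "cmdline: security=tomoyo"
    else
        echo "cmdline: security=${lsm:-<unset>} (TOMOYO not selected)"; rc=1
    fi
    return $rc
}

# Constructed sample inputs (not captured from a real system).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'CONFIG_SECURITY=y' 'CONFIG_SECURITY_TOMOYO=y' > "$demo/config.ok"
printf '%s\n' 'CONFIG_SECURITY=y' '# CONFIG_SECURITY_TOMOYO is not set' > "$demo/config.off"
echo 'root=/dev/sda1 ro security=tomoyo quiet' > "$demo/cmdline.ok"
echo 'root=/dev/sda1 ro security=tomoyo security=selinux' > "$demo/cmdline.overridden"

check_tomoyo "$demo/config.ok" "$demo/cmdline.ok"
check_tomoyo "$demo/config.off" "$demo/cmdline.overridden" || echo "=> TOMOYO would not be active"
```

On a live system, pass the running kernel's build config (for example /boot/config-$(uname -r), where the distribution installs it) and /proc/cmdline to check_tomoyo.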

--- Where is documentation? ---

User <-> Kernel interface documentation is available at
http://tomoyo.sourceforge.jp/2.3/policy-reference.html .

Materials we prepared for seminars and symposiums are available at
http://sourceforge.jp/projects/tomoyo/docs/?category_id=532&language_id=1 .
The lists below are chosen from three aspects.

What is TOMOYO?
  TOMOYO Linux Overview
    http://sourceforge.jp/projects/tomoyo/docs/lca2009-takeda.pdf
  TOMOYO Linux: pragmatic and manageable security for Linux
    http://sourceforge.jp/projects/tomoyo/docs/freedomhectaipei-tomoyo.pdf
  TOMOYO Linux: A Practical Method to Understand and Protect Your Own Linux Box
    http://sourceforge.jp/projects/tomoyo/docs/PacSec2007-en-no-demo.pdf

What can TOMOYO do?
  Deep inside TOMOYO Linux
    http://sourceforge.jp/projects/tomoyo/docs/lca2009-kumaneko.pdf
  The role of "pathname based access control" in security.
    http://sourceforge.jp/projects/tomoyo/docs/lfj2008-bof.pdf

History of TOMOYO?
  Realities of Mainlining
    http://sourceforge.jp/projects/tomoyo/docs/lfj2008.pdf

--- What is the future plan? ---

We believe that inode based security and name based security are complementary
and both should be used together. But unfortunately, so far, we cannot enable
multiple LSM modules at the same time. We feel sorry that you have to give up
SELinux/SMACK/AppArmor etc. when you want to use TOMOYO.

We hope that LSM becomes stackable in the future. Meanwhile, you can use the
non-LSM version of TOMOYO, available at http://tomoyo.sourceforge.jp/1.7/ .
The LSM version of TOMOYO is a subset of the non-LSM version of TOMOYO. We are
planning to port the non-LSM version's functionalities to the LSM version.