]>
Commit | Line | Data |
---|---|---|
17a7b7b3 TH |
1 | --- What is TOMOYO? --- |
2 | ||
3 | TOMOYO is a name-based MAC extension (LSM module) for the Linux kernel. | |
4 | ||
5 | LiveCD-based tutorials are available at | |
e6f6a4cc TH |
6 | http://tomoyo.sourceforge.jp/1.7/1st-step/ubuntu10.04-live/ |
7 | http://tomoyo.sourceforge.jp/1.7/1st-step/centos5-live/ . | |
17a7b7b3 TH |
8 | Though these tutorials use non-LSM version of TOMOYO, they are useful for you |
9 | to know what TOMOYO is. | |
10 | ||
11 | --- How to enable TOMOYO? --- | |
12 | ||
13 | Build the kernel with CONFIG_SECURITY_TOMOYO=y and pass "security=tomoyo" on | |
14 | kernel's command line. | |
15 | ||
e6f6a4cc | 16 | Please see http://tomoyo.sourceforge.jp/2.3/ for details. |
17a7b7b3 TH |
17 | |
18 | --- Where is documentation? --- | |
19 | ||
20 | User <-> Kernel interface documentation is available at | |
e6f6a4cc | 21 | http://tomoyo.sourceforge.jp/2.3/policy-reference.html . |
17a7b7b3 TH |
22 | |
23 | Materials we prepared for seminars and symposiums are available at | |
24 | http://sourceforge.jp/projects/tomoyo/docs/?category_id=532&language_id=1 . | |
25 | Below lists are chosen from three aspects. | |
26 | ||
27 | What is TOMOYO? | |
28 | TOMOYO Linux Overview | |
29 | http://sourceforge.jp/projects/tomoyo/docs/lca2009-takeda.pdf | |
30 | TOMOYO Linux: pragmatic and manageable security for Linux | |
31 | http://sourceforge.jp/projects/tomoyo/docs/freedomhectaipei-tomoyo.pdf | |
32 | TOMOYO Linux: A Practical Method to Understand and Protect Your Own Linux Box | |
33 | http://sourceforge.jp/projects/tomoyo/docs/PacSec2007-en-no-demo.pdf | |
34 | ||
35 | What can TOMOYO do? | |
36 | Deep inside TOMOYO Linux | |
37 | http://sourceforge.jp/projects/tomoyo/docs/lca2009-kumaneko.pdf | |
38 | The role of "pathname based access control" in security. | |
39 | http://sourceforge.jp/projects/tomoyo/docs/lfj2008-bof.pdf | |
40 | ||
41 | History of TOMOYO? | |
42 | Realities of Mainlining | |
43 | http://sourceforge.jp/projects/tomoyo/docs/lfj2008.pdf | |
44 | ||
45 | --- What is future plan? --- | |
46 | ||
47 | We believe that inode based security and name based security are complementary | |
48 | and both should be used together. But unfortunately, so far, we cannot enable | |
49 | multiple LSM modules at the same time. We feel sorry that you have to give up | |
50 | SELinux/SMACK/AppArmor etc. when you want to use TOMOYO. | |
51 | ||
52 | We hope that LSM becomes stackable in future. Meanwhile, you can use non-LSM | |
e6f6a4cc | 53 | version of TOMOYO, available at http://tomoyo.sourceforge.jp/1.7/ . |
17a7b7b3 TH |
54 | LSM version of TOMOYO is a subset of non-LSM version of TOMOYO. We are planning |
55 | to port non-LSM version's functionalities to LSM versions. |