======
TOMOYO
======

What is TOMOYO?
===============

TOMOYO is a name-based MAC extension (LSM module) for the Linux kernel.

LiveCD-based tutorials are available at

http://tomoyo.sourceforge.jp/1.8/ubuntu12.04-live.html
http://tomoyo.sourceforge.jp/1.8/centos6-live.html

Though these tutorials use the non-LSM version of TOMOYO, they are useful for
understanding what TOMOYO is.

How to enable TOMOYO?
=====================

Build the kernel with ``CONFIG_SECURITY_TOMOYO=y`` and pass ``security=tomoyo`` on
the kernel's command line.

Please see http://tomoyo.osdn.jp/2.5/ for details.

Where is documentation?
=======================

User <-> Kernel interface documentation is available at
https://tomoyo.osdn.jp/2.5/policy-specification/index.html .

Materials we prepared for seminars and symposiums are available at
https://osdn.jp/projects/tomoyo/docs/?category_id=532&language_id=1 .
The lists below are chosen from three aspects.

What is TOMOYO?
  TOMOYO Linux Overview
    https://osdn.jp/projects/tomoyo/docs/lca2009-takeda.pdf
  TOMOYO Linux: pragmatic and manageable security for Linux
    https://osdn.jp/projects/tomoyo/docs/freedomhectaipei-tomoyo.pdf
  TOMOYO Linux: A Practical Method to Understand and Protect Your Own Linux Box
    https://osdn.jp/projects/tomoyo/docs/PacSec2007-en-no-demo.pdf

What can TOMOYO do?
  Deep inside TOMOYO Linux
    https://osdn.jp/projects/tomoyo/docs/lca2009-kumaneko.pdf
  The role of "pathname based access control" in security.
    https://osdn.jp/projects/tomoyo/docs/lfj2008-bof.pdf

History of TOMOYO?
  Realities of Mainlining
    https://osdn.jp/projects/tomoyo/docs/lfj2008.pdf

What is the future plan?
========================

We believe that inode based security and name based security are complementary
and both should be used together. But unfortunately, so far, we cannot enable
multiple LSM modules at the same time. We feel sorry that you have to give up
SELinux/SMACK/AppArmor etc. when you want to use TOMOYO.

We hope that LSM becomes stackable in future. Meanwhile, you can use the non-LSM
version of TOMOYO, available at http://tomoyo.osdn.jp/1.8/ .
The LSM version of TOMOYO is a subset of the non-LSM version of TOMOYO. We are
planning to port the non-LSM version's functionalities to the LSM version.
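
One way to verify the two conditions from "How to enable TOMOYO?" on a given system, as an added example that is not part of the TOMOYO documentation: it checks the kernel config for ``CONFIG_SECURITY_TOMOYO=y``, the command line for ``security=tomoyo``, and the list of active LSMs. The function names, status words and sample data are constructed for illustration, and the file locations used with ``--live`` are assumptions about a typical system.

```shell
#!/bin/sh
# Added example, not part of the TOMOYO documentation.

# 0 if the kernel config file ($1) has CONFIG_SECURITY_TOMOYO=y.
tomoyo_built_in() {
    grep -q '^CONFIG_SECURITY_TOMOYO=y$' "$1"
}

# Print the value of the last security= parameter in the command line file ($1).
# Assumption: if the parameter is repeated, the last occurrence is the one used.
requested_lsm() {
    tr -s ' \t' '\n\n' < "$1" | sed -n 's/^security=//p' | tail -n 1
}

# 0 if "tomoyo" appears in the comma-separated active-LSM list file ($1).
tomoyo_active() {
    tr ',' '\n' < "$1" | grep -qx 'tomoyo'
}

# Print how far enablement got. Args: config file, cmdline file, LSM list file.
tomoyo_status() {
    if ! tomoyo_built_in "$1"; then echo "not-built"; return 0; fi
    if [ "$(requested_lsm "$2")" != "tomoyo" ]; then echo "not-requested"; return 0; fi
    if ! tomoyo_active "$3"; then echo "requested-but-inactive"; return 0; fi
    echo "active"
}

if [ "${1:-}" = "--live" ]; then
    # Typical locations (assumed); the config path varies by distribution.
    tomoyo_status "/boot/config-$(uname -r)" /proc/cmdline /sys/kernel/security/lsm
else
    # Constructed sample input, so the script also runs offline.
    d=$(mktemp -d)
    printf 'CONFIG_SECURITY=y\nCONFIG_SECURITY_TOMOYO=y\n' > "$d/config"
    printf 'root=/dev/sda1 ro security=tomoyo quiet\n' > "$d/cmdline"
    printf 'capability,tomoyo\n' > "$d/lsm"
    tomoyo_status "$d/config" "$d/cmdline" "$d/lsm"
    rm -rf "$d"
fi
```

A result of ``not-built`` or ``not-requested`` points at the build option or the boot parameter respectively; ``requested-but-inactive`` means both are present in the files checked but TOMOYO is not in the running kernel's LSM list.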