Eric Lee / smarc-fsl-linux-kernel

Blame view

Documentation/security/tomoyo.txt 2.18 KB
edit raw normal view history
17a7b7b39   Tetsuo Handa   tomoyo: add Docum... 
1
2
3
4
5
 
  --- What is TOMOYO? ---
  
  TOMOYO is a name-based MAC extension (LSM module) for the Linux kernel.
  
  LiveCD-based tutorials are available at
e6f6a4cc9   Tetsuo Handa   TOMOYO: Update ve... 
6
7
 
  http://tomoyo.sourceforge.jp/1.7/1st-step/ubuntu10.04-live/
  http://tomoyo.sourceforge.jp/1.7/1st-step/centos5-live/ .
17a7b7b39   Tetsuo Handa   tomoyo: add Docum... 
8
9
10
11
12
13
14
 
  Though these tutorials use non-LSM version of TOMOYO, they are useful for you
  to know what TOMOYO is.
  
  --- How to enable TOMOYO? ---
  
  Build the kernel with CONFIG_SECURITY_TOMOYO=y and pass "security=tomoyo" on
  kernel's command line.
e6f6a4cc9   Tetsuo Handa   TOMOYO: Update ve... 
15
 
  Please see http://tomoyo.sourceforge.jp/2.3/ for details.
17a7b7b39   Tetsuo Handa   tomoyo: add Docum... 
16
17
18
19
 
  
  --- Where is documentation? ---
  
  User <-> Kernel interface documentation is available at
e6f6a4cc9   Tetsuo Handa   TOMOYO: Update ve... 
20
 
  http://tomoyo.sourceforge.jp/2.3/policy-reference.html .
17a7b7b39   Tetsuo Handa   tomoyo: add Docum... 
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
 
  
  Materials we prepared for seminars and symposiums are available at
  http://sourceforge.jp/projects/tomoyo/docs/?category_id=532&language_id=1 .
  Below lists are chosen from three aspects.
  
  What is TOMOYO?
    TOMOYO Linux Overview
      http://sourceforge.jp/projects/tomoyo/docs/lca2009-takeda.pdf
    TOMOYO Linux: pragmatic and manageable security for Linux
      http://sourceforge.jp/projects/tomoyo/docs/freedomhectaipei-tomoyo.pdf
    TOMOYO Linux: A Practical Method to Understand and Protect Your Own Linux Box
      http://sourceforge.jp/projects/tomoyo/docs/PacSec2007-en-no-demo.pdf
  
  What can TOMOYO do?
    Deep inside TOMOYO Linux
      http://sourceforge.jp/projects/tomoyo/docs/lca2009-kumaneko.pdf
    The role of "pathname based access control" in security.
      http://sourceforge.jp/projects/tomoyo/docs/lfj2008-bof.pdf
  
  History of TOMOYO?
    Realities of Mainlining
      http://sourceforge.jp/projects/tomoyo/docs/lfj2008.pdf
  
  --- What is future plan? ---
  
  We believe that inode based security and name based security are complementary
  and both should be used together. But unfortunately, so far, we cannot enable
  multiple LSM modules at the same time. We feel sorry that you have to give up
  SELinux/SMACK/AppArmor etc. when you want to use TOMOYO.
  
  We hope that LSM becomes stackable in future. Meanwhile, you can use non-LSM
e6f6a4cc9   Tetsuo Handa   TOMOYO: Update ve... 
52
 
  version of TOMOYO, available at http://tomoyo.sourceforge.jp/1.7/ .
17a7b7b39   Tetsuo Handa   tomoyo: add Docum... 
53
54
 
  LSM version of TOMOYO is a subset of non-LSM version of TOMOYO. We are planning
  to port non-LSM version's functionalities to LSM versions.