TOMOYO Linux

TOMOYO Linux

Original author(s)	NTT Data Corporation
Operating system	Linux
Type	Mandatory access control
License	GPL v2
Website	tomoyo.osdn.jp

TOMOYO Linux is a Linux kernel security module which implements mandatory access control (MAC).

Overview

TOMOYO Linux is a MAC implementation for Linux that can be used to increase the security of a system, while also being useful purely as a systems analysis tool. It was launched in March 2003 and was sponsored by NTT Data Corporation until March 2012.^[1]

TOMOYO Linux focuses on system behavior. TOMOYO Linux allows each process to declare behaviours and resources needed to achieve their purpose. When protection is enabled, TOMOYO Linux acts restricts each process to the behaviors and resources allowed by the administrator.

Features

The main features of TOMOYO Linux include:

System analysis
Increased security through Mandatory Access Control
Automatic policy generation
Simple syntax
Ease of use

History and versions

TOMOYO was merged in Linux Kernel mainline version 2.6.30 (2009, June 10)/^[2] It is currently one of four standard Linux Security Modules (LSM), along with SELinux, AppArmor and SMACK.

The TOMOYO Linux project started as a patch for the Linux kernel to provide MAC. Porting TOMOYO Linux to the mainline Linux kernel required the introduction of hooks^[3] into the LSM that had been designed and developed specifically to support SELinux and its label-based approach.

However, more hooks are needed to integrate the remaining MAC functionality of TOMOYO Linux. Consequently, the project is following two parallel development lines:

TOMOYO Linux 1.x, original version
- uses purposely created non-standard hooks
- fully featured MAC
- released as a patch for Linux kernel – Since this version 1.x does not depend on LSM, it can be used with Linux kernel 2.6 (starting from version 2.6.11) as well as 2.4.
- latest version: 1.7.1

TOMOYO Linux 2.x, mainline version
- uses standard LSM hooks
- fewer features
- integral part of Linux kernel version 2.6.30
- latest version: 2.5.0 included in Linux kernel 3.2

AKARI, TOMOYO 1.x fork
- uses standard LSM hooks
- fewer features than TOMOYO 1.x, but more than TOMOYO 2.x
- released as LSM, so no recompilation of the kernel is necessary

References

↑ "TOMOYO Linux Home Page". Tomoyo.osdn.jp. Retrieved 2013-05-23.
↑ "TOMOYO Linux, an alternative Mandatory Access Control". Linux 2 6 30. Linux Kernel Newbies.
↑ "TOMOYO #14 patch submission to LKML". LWN.net.

External links

Linux kernel

Organization

Kernel	Linux Foundation Linux Mark Institute Linus's Law Tanenbaum–Torvalds debate Linux-libre Tux SCO issues Linaro GNU GPL v2 menuconfig Supported computer architectures Kernel names Criticism

Support	Developers The Linux Programming Interface kernel.org LKML Linux conferences Users Linux User Group (LUG)

Technical

Debugging

Startup

ABIs

APIs

Of
userspace

FS, daemons	devfs devpts debugfs procfs sysfs systemd udev Kmscon

Wrapper libraries	C standard library glibc uClibc Bionic libhybris dietlibc EGLIBC klibc musl Newlib libcgroup libdrm libalsa libevdev

Of
kernel

System Call Interface	POSIX ioctl select open read close sync … Linux-only futex epoll splice dnotify inotify readahead …

In-kernel	ALSA Crypto API DRM kernfs New API Video4Linux

Components

Variants

Virtualization	Hypervisor KVM Xen OS-level virtualization Linux-VServer Lguest LXC OpenVZ Other L4Linux ELinOS User-mode Linux MkLinux coLinux

Adoption

Range of use	Desktop Embedded Gaming Thin client: LTSP Thinstation Server: LAMP LYME-LYCE Devices

Adopters	List of Linux adopters GENIVI Alliance Proprietary software for Linux

People

Category
Commons
Book
Wikiversity
Portal

This article is issued from Wikipedia - version of the 11/23/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.