Tomoyo Linux

Tomoyo Linux
	Tomoyo Linux 2.x Domain Policy Editor
Original author(s)	NTT Data Corporation
Repository	svn.osdn.net/svnroot/tomoyo/;
Operating system	Linux
Type	Mandatory access control
License	GPLv2
Website	tomoyo.osdn.jp

Tomoyo Linux(stylised asTOMOYO Linux) is aLinux kernel security modulewhich implementsmandatory access control(MAC).

Overview

Tomoyo Linux is a MAC implementation forLinuxthat can be used to increase the security of a system, while also being useful purely as asystems analysistool. It was launched in March 2003 and was sponsored byNTT Data Corporationuntil March 2012.^[1]

Tomoyo Linux focuses on system behaviour. Tomoyo Linux allows each process to declare behaviours and resources needed to achieve their purpose. When protection is enabled, Tomoyo Linux restricts each process to the behaviours and resources allowed by the administrator.

Features

The main features of Tomoyo Linux include:

System analysis
Increased security through Mandatory Access Control
Automatic policy generation
Simple syntax
Ease of use

History and versions

Tomoyo was merged inLinux Kernelmainline version 2.6.30 (2009, June 10)/^[2]It is currently one of four standardLinux Security Modules(LSM), along withSELinux,AppArmorandSMACK.

The Tomoyo Linux project started as a patch for the Linux kernel to provide MAC. Porting Tomoyo Linux to the mainline Linux kernel required the introduction of hooks^[3]into the LSM that had been designed and developed specifically to support SELinux and its label-based approach.

However, more hooks are needed to integrate the remaining MAC functionality of Tomoyo Linux. Consequently, the project is following two parallel development lines:

Tomoyo Linux 1.x,original version

uses purposely created non-standard hooks
fully featured MAC
released as a patch for Linux kernel – Since this version 1.x does not depend on LSM, it can be used with Linux kernel 2.6 (starting from version 2.6.11) as well as 2.4.
latest version: 1.7.1

Tomoyo Linux 2.x,mainline version

uses standardLSMhooks
fewer features
integral part of Linux kernel version 2.6.30
latest version: 2.5.0 included in Linux kernel 3.2

Akari(stylised asAKARI), Tomoyo 1.x fork

uses standardLSMhooks
fewer features than Tomoyo 1.x, but more than Tomoyo 2.x
released asLKM(Loadable Kernel Module), sono recompilation of the kernel is necessary

Naming

The name 'TOMOYO' is, officially speaking, abackronymfor "Task Oriented Management Obviates Your Onus". According to one of the developers Tetsuo Handa, it's also a reference to the character Tomoyo Daidouji fromCardcaptor Sakura.^[4]

References

^"Tomoyo Linux Home Page".Tomoyo.osdn.jp.Retrieved2013-05-23.
^"Tomoyo Linux, an alternative Mandatory Access Control".Linux 2 6 30.Linux Kernel Newbies.
^"Tomoyo #14 patch submission to LKML".LWN.net.
^"QandA - TOMOYO Linux Wiki".Archived fromthe originalon 2015-12-25.

External links

[1] "Tomoyo Linux Home Page".Tomoyo.osdn.jp.Retrieved2013-05-23.

[2] "Tomoyo Linux, an alternative Mandatory Access Control".Linux 2 6 30.Linux Kernel Newbies.

[3] "Tomoyo #14 patch submission to LKML".LWN.net.

[4] "QandA - TOMOYO Linux Wiki".Archived fromthe originalon 2015-12-25.

[1]

[2]

[3]

[4]