Tomoyo Linux

Linux kernel security module
  • svn.osdn.net/svnroot/tomoyo/ Edit this at Wikidata
Operating systemLinuxTypeMandatory access controlLicenseGPLv2Websitetomoyo.osdn.jp

Tomoyo Linux (stylised as TOMOYO Linux) is a Linux kernel security module which implements mandatory access control (MAC).

Overview

Tomoyo Linux is a MAC implementation for Linux that can be used to increase the security of a system, while also being useful purely as a systems analysis tool. It was launched in March 2003 and was sponsored by NTT Data Corporation until March 2012.[1]

Tomoyo Linux focuses on system behaviour. Tomoyo Linux allows each process to declare behaviours and resources needed to achieve their purpose. When protection is enabled, Tomoyo Linux restricts each process to the behaviours and resources allowed by the administrator.

Features

The main features of Tomoyo Linux include:

  • System analysis
  • Increased security through Mandatory Access Control
  • Automatic policy generation
  • Simple syntax
  • Ease of use

History and versions

Tomoyo was merged in Linux Kernel mainline version 2.6.30 (2009, June 10)/[2] It is currently one of four standard Linux Security Modules (LSM), along with SELinux, AppArmor and SMACK.

The Tomoyo Linux project started as a patch for the Linux kernel to provide MAC. Porting Tomoyo Linux to the mainline Linux kernel required the introduction of hooks[3] into the LSM that had been designed and developed specifically to support SELinux and its label-based approach.

However, more hooks are needed to integrate the remaining MAC functionality of Tomoyo Linux. Consequently, the project is following two parallel development lines:

Tomoyo Linux 1.x, original version

  • uses purposely created non-standard hooks
  • fully featured MAC
  • released as a patch for Linux kernel – Since this version 1.x does not depend on LSM, it can be used with Linux kernel 2.6 (starting from version 2.6.11) as well as 2.4.
  • latest version: 1.7.1

Tomoyo Linux 2.x, mainline version

  • uses standard LSM hooks
  • fewer features
  • integral part of Linux kernel version 2.6.30
  • latest version: 2.5.0 included in Linux kernel 3.2

Akari (stylised as AKARI), Tomoyo 1.x fork

  • uses standard LSM hooks
  • fewer features than Tomoyo 1.x, but more than Tomoyo 2.x
  • released as LKM (Loadable Kernel Module), so no recompilation of the kernel is necessary

Naming

The name 'TOMOYO' is, officially speaking, a backronym for "Task Oriented Management Obviates Your Onus". According to one of the developers Tetsuo Handa, it's also a reference to the character Tomoyo Daidouji from Cardcaptor Sakura.[4]

References

  1. ^ "Tomoyo Linux Home Page". Tomoyo.osdn.jp. Retrieved 2013-05-23.
  2. ^ "Tomoyo Linux, an alternative Mandatory Access Control". Linux 2 6 30. Linux Kernel Newbies.
  3. ^ "Tomoyo #14 patch submission to LKML". LWN.net.
  4. ^ "QandA - TOMOYO Linux Wiki". Archived from the original on 2015-12-25.

External links

  • Comparison chart of 1.x and 2.x
  • Comparison chart of Tomoyo 1.x, 2.x, and Akari
  • Tomoyo Linux project
  • Tomoyo Linux at Embedded Linux Wiki
  • LWN : Tomoyo Linux and pathname-based security
  • Tomoyo – Debian Wiki
  • Tomoyo Linux – ArchWiki
  • v
  • t
  • e
Organization
Kernel
Support
Technical
Debugging
Startup
ABIs
APIs
Kernel
System Call
Interface
In-kernel
Userspace
Daemons,
File systems
Wrapper
libraries
Components
Variants
Virtualization
Adoption
Range
of use
Adopters
  • icon Linux portal
  •  Free and open-source software portal
  • Category