-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
tomoyo: add Documentation/tomoyo.txt
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp> Signed-off-by: James Morris <jmorris@namei.org>
- Loading branch information
Tetsuo Handa
authored and
James Morris
committed
Apr 13, 2009
1 parent
80a04d3
commit 17a7b7b
Showing
1 changed file
with
55 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,55 @@ | ||
| --- What is TOMOYO? --- | ||
|
|
||
| TOMOYO is a name-based MAC extension (LSM module) for the Linux kernel. | ||
|
|
||
| LiveCD-based tutorials are available at | ||
| http://tomoyo.sourceforge.jp/en/1.6.x/1st-step/ubuntu8.04-live/ | ||
| http://tomoyo.sourceforge.jp/en/1.6.x/1st-step/centos5-live/ . | ||
| Though these tutorials use non-LSM version of TOMOYO, they are useful for you | ||
| to know what TOMOYO is. | ||
|
|
||
| --- How to enable TOMOYO? --- | ||
|
|
||
| Build the kernel with CONFIG_SECURITY_TOMOYO=y and pass "security=tomoyo" on | ||
| kernel's command line. | ||
|
|
||
| Please see http://tomoyo.sourceforge.jp/en/2.2.x/ for details. | ||
|
|
||
| --- Where is documentation? --- | ||
|
|
||
| User <-> Kernel interface documentation is available at | ||
| http://tomoyo.sourceforge.jp/en/2.2.x/policy-reference.html . | ||
|
|
||
| Materials we prepared for seminars and symposiums are available at | ||
| http://sourceforge.jp/projects/tomoyo/docs/?category_id=532&language_id=1 . | ||
| Below lists are chosen from three aspects. | ||
|
|
||
| What is TOMOYO? | ||
| TOMOYO Linux Overview | ||
| http://sourceforge.jp/projects/tomoyo/docs/lca2009-takeda.pdf | ||
| TOMOYO Linux: pragmatic and manageable security for Linux | ||
| http://sourceforge.jp/projects/tomoyo/docs/freedomhectaipei-tomoyo.pdf | ||
| TOMOYO Linux: A Practical Method to Understand and Protect Your Own Linux Box | ||
| http://sourceforge.jp/projects/tomoyo/docs/PacSec2007-en-no-demo.pdf | ||
|
|
||
| What can TOMOYO do? | ||
| Deep inside TOMOYO Linux | ||
| http://sourceforge.jp/projects/tomoyo/docs/lca2009-kumaneko.pdf | ||
| The role of "pathname based access control" in security. | ||
| http://sourceforge.jp/projects/tomoyo/docs/lfj2008-bof.pdf | ||
|
|
||
| History of TOMOYO? | ||
| Realities of Mainlining | ||
| http://sourceforge.jp/projects/tomoyo/docs/lfj2008.pdf | ||
|
|
||
| --- What is future plan? --- | ||
|
|
||
| We believe that inode based security and name based security are complementary | ||
| and both should be used together. But unfortunately, so far, we cannot enable | ||
| multiple LSM modules at the same time. We feel sorry that you have to give up | ||
| SELinux/SMACK/AppArmor etc. when you want to use TOMOYO. | ||
|
|
||
| We hope that LSM becomes stackable in future. Meanwhile, you can use non-LSM | ||
| version of TOMOYO, available at http://tomoyo.sourceforge.jp/en/1.6.x/ . | ||
| LSM version of TOMOYO is a subset of non-LSM version of TOMOYO. We are planning | ||
| to port non-LSM version's functionalities to LSM versions. |