diff options
| author | Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> | 2009-04-12 22:04:19 -0400 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2009-04-13 19:14:58 -0400 |
| commit | 17a7b7b39056a82c5012539311850f202e6c3cd4 (patch) | |
| tree | 2c537e2ead5e86a5bdcda1f6a6a7ace3a6651876 /Documentation | |
| parent | 80a04d3f2f94fb68b5df05e3ac6697130bc3467a (diff) | |
tomoyo: add Documentation/tomoyo.txt
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'Documentation')
| -rw-r--r-- | Documentation/tomoyo.txt | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/Documentation/tomoyo.txt b/Documentation/tomoyo.txt new file mode 100644 index 000000000000..b3a232cae7f8 --- /dev/null +++ b/Documentation/tomoyo.txt | |||
| @@ -0,0 +1,55 @@ | |||
| 1 | --- What is TOMOYO? --- | ||
| 2 | |||
| 3 | TOMOYO is a name-based MAC extension (LSM module) for the Linux kernel. | ||
| 4 | |||
| 5 | LiveCD-based tutorials are available at | ||
| 6 | http://tomoyo.sourceforge.jp/en/1.6.x/1st-step/ubuntu8.04-live/ | ||
| 7 | http://tomoyo.sourceforge.jp/en/1.6.x/1st-step/centos5-live/ . | ||
| 8 | Though these tutorials use non-LSM version of TOMOYO, they are useful for you | ||
| 9 | to know what TOMOYO is. | ||
| 10 | |||
| 11 | --- How to enable TOMOYO? --- | ||
| 12 | |||
| 13 | Build the kernel with CONFIG_SECURITY_TOMOYO=y and pass "security=tomoyo" on | ||
| 14 | kernel's command line. | ||
| 15 | |||
| 16 | Please see http://tomoyo.sourceforge.jp/en/2.2.x/ for details. | ||
| 17 | |||
| 18 | --- Where is documentation? --- | ||
| 19 | |||
| 20 | User <-> Kernel interface documentation is available at | ||
| 21 | http://tomoyo.sourceforge.jp/en/2.2.x/policy-reference.html . | ||
| 22 | |||
| 23 | Materials we prepared for seminars and symposiums are available at | ||
| 24 | http://sourceforge.jp/projects/tomoyo/docs/?category_id=532&language_id=1 . | ||
| 25 | Below lists are chosen from three aspects. | ||
| 26 | |||
| 27 | What is TOMOYO? | ||
| 28 | TOMOYO Linux Overview | ||
| 29 | http://sourceforge.jp/projects/tomoyo/docs/lca2009-takeda.pdf | ||
| 30 | TOMOYO Linux: pragmatic and manageable security for Linux | ||
| 31 | http://sourceforge.jp/projects/tomoyo/docs/freedomhectaipei-tomoyo.pdf | ||
| 32 | TOMOYO Linux: A Practical Method to Understand and Protect Your Own Linux Box | ||
| 33 | http://sourceforge.jp/projects/tomoyo/docs/PacSec2007-en-no-demo.pdf | ||
| 34 | |||
| 35 | What can TOMOYO do? | ||
| 36 | Deep inside TOMOYO Linux | ||
| 37 | http://sourceforge.jp/projects/tomoyo/docs/lca2009-kumaneko.pdf | ||
| 38 | The role of "pathname based access control" in security. | ||
| 39 | http://sourceforge.jp/projects/tomoyo/docs/lfj2008-bof.pdf | ||
| 40 | |||
| 41 | History of TOMOYO? | ||
| 42 | Realities of Mainlining | ||
| 43 | http://sourceforge.jp/projects/tomoyo/docs/lfj2008.pdf | ||
| 44 | |||
| 45 | --- What is future plan? --- | ||
| 46 | |||
| 47 | We believe that inode based security and name based security are complementary | ||
| 48 | and both should be used together. But unfortunately, so far, we cannot enable | ||
| 49 | multiple LSM modules at the same time. We feel sorry that you have to give up | ||
| 50 | SELinux/SMACK/AppArmor etc. when you want to use TOMOYO. | ||
| 51 | |||
| 52 | We hope that LSM becomes stackable in future. Meanwhile, you can use non-LSM | ||
| 53 | version of TOMOYO, available at http://tomoyo.sourceforge.jp/en/1.6.x/ . | ||
| 54 | LSM version of TOMOYO is a subset of non-LSM version of TOMOYO. We are planning | ||
| 55 | to port non-LSM version's functionalities to LSM versions. | ||