diff options
Diffstat (limited to 'Documentation/security/tomoyo.txt')
-rw-r--r-- | Documentation/security/tomoyo.txt | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/Documentation/security/tomoyo.txt b/Documentation/security/tomoyo.txt new file mode 100644 index 000000000000..200a2d37cbc8 --- /dev/null +++ b/Documentation/security/tomoyo.txt | |||
@@ -0,0 +1,55 @@ | |||
1 | --- What is TOMOYO? --- | ||
2 | |||
3 | TOMOYO is a name-based MAC extension (LSM module) for the Linux kernel. | ||
4 | |||
5 | LiveCD-based tutorials are available at | ||
6 | http://tomoyo.sourceforge.jp/1.7/1st-step/ubuntu10.04-live/ | ||
7 | http://tomoyo.sourceforge.jp/1.7/1st-step/centos5-live/ . | ||
8 | Though these tutorials use non-LSM version of TOMOYO, they are useful for you | ||
9 | to know what TOMOYO is. | ||
10 | |||
11 | --- How to enable TOMOYO? --- | ||
12 | |||
13 | Build the kernel with CONFIG_SECURITY_TOMOYO=y and pass "security=tomoyo" on | ||
14 | kernel's command line. | ||
15 | |||
16 | Please see http://tomoyo.sourceforge.jp/2.3/ for details. | ||
17 | |||
18 | --- Where is documentation? --- | ||
19 | |||
20 | User <-> Kernel interface documentation is available at | ||
21 | http://tomoyo.sourceforge.jp/2.3/policy-reference.html . | ||
22 | |||
23 | Materials we prepared for seminars and symposiums are available at | ||
24 | http://sourceforge.jp/projects/tomoyo/docs/?category_id=532&language_id=1 . | ||
25 | Below lists are chosen from three aspects. | ||
26 | |||
27 | What is TOMOYO? | ||
28 | TOMOYO Linux Overview | ||
29 | http://sourceforge.jp/projects/tomoyo/docs/lca2009-takeda.pdf | ||
30 | TOMOYO Linux: pragmatic and manageable security for Linux | ||
31 | http://sourceforge.jp/projects/tomoyo/docs/freedomhectaipei-tomoyo.pdf | ||
32 | TOMOYO Linux: A Practical Method to Understand and Protect Your Own Linux Box | ||
33 | http://sourceforge.jp/projects/tomoyo/docs/PacSec2007-en-no-demo.pdf | ||
34 | |||
35 | What can TOMOYO do? | ||
36 | Deep inside TOMOYO Linux | ||
37 | http://sourceforge.jp/projects/tomoyo/docs/lca2009-kumaneko.pdf | ||
38 | The role of "pathname based access control" in security. | ||
39 | http://sourceforge.jp/projects/tomoyo/docs/lfj2008-bof.pdf | ||
40 | |||
41 | History of TOMOYO? | ||
42 | Realities of Mainlining | ||
43 | http://sourceforge.jp/projects/tomoyo/docs/lfj2008.pdf | ||
44 | |||
45 | --- What is future plan? --- | ||
46 | |||
47 | We believe that inode based security and name based security are complementary | ||
48 | and both should be used together. But unfortunately, so far, we cannot enable | ||
49 | multiple LSM modules at the same time. We feel sorry that you have to give up | ||
50 | SELinux/SMACK/AppArmor etc. when you want to use TOMOYO. | ||
51 | |||
52 | We hope that LSM becomes stackable in future. Meanwhile, you can use non-LSM | ||
53 | version of TOMOYO, available at http://tomoyo.sourceforge.jp/1.7/ . | ||
54 | LSM version of TOMOYO is a subset of non-LSM version of TOMOYO. We are planning | ||
55 | to port non-LSM version's functionalities to LSM versions. | ||