cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux

tomoyo.rst (2246B)


======
TOMOYO
======

What is TOMOYO?
===============

TOMOYO is a name-based MAC extension (LSM module) for the Linux kernel.

LiveCD-based tutorials are available at

http://tomoyo.sourceforge.jp/1.8/ubuntu12.04-live.html
http://tomoyo.sourceforge.jp/1.8/centos6-live.html

Though these tutorials use the non-LSM version of TOMOYO, they are useful for
learning what TOMOYO is.

How to enable TOMOYO?
=====================

Build the kernel with ``CONFIG_SECURITY_TOMOYO=y`` and pass ``security=tomoyo`` on
the kernel's command line.

Please see http://tomoyo.osdn.jp/2.5/ for details.
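
A check for the two conditions above, as an added example that is not part of the kernel documentation or the TOMOYO project. The function names, status strings and sample inputs are constructed for illustration, and it assumes that when ``security=`` is repeated the last occurrence takes effect.

```shell
#!/bin/sh
# Added example: checks a kernel config file and a kernel command line for
# the two settings this document names. All function names are hypothetical.

# tomoyo_built_in CONFIG_FILE
# Succeeds only if the option is built in (=y); a commented-out
# "# CONFIG_SECURITY_TOMOYO is not set" line does not match.
tomoyo_built_in() {
    grep -q '^CONFIG_SECURITY_TOMOYO=y$' "$1"
}

# selected_lsm "CMDLINE"
# Prints the value of the security= parameter, or nothing if absent.
# Assumption: if security= is given more than once, the last one applies.
selected_lsm() {
    printf '%s\n' "$1" | tr ' \t' '\n\n' | sed -n 's/^security=//p' | tail -n 1
}

# tomoyo_status CONFIG_FILE "CMDLINE"
# Prints one of: enabled | built-not-selected | not-built
tomoyo_status() {
    if ! tomoyo_built_in "$1"; then
        echo "not-built"
    elif [ "$(selected_lsm "$2")" = "tomoyo" ]; then
        echo "enabled"
    else
        echo "built-not-selected"
    fi
}

# Constructed sample inputs, not taken from a real system.
sample_config=$(mktemp)
printf '%s\n' 'CONFIG_SECURITY=y' 'CONFIG_SECURITY_TOMOYO=y' > "$sample_config"
tomoyo_status "$sample_config" 'root=/dev/sda1 ro quiet security=tomoyo'
tomoyo_status "$sample_config" 'root=/dev/sda1 ro quiet'
rm -f "$sample_config"
```

On a running system the second argument would be the contents of ``/proc/cmdline``; the location of the kernel config file depends on the distribution.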
     25
     26Where is documentation?
     27=======================
     28
     29User <-> Kernel interface documentation is available at
     30https://tomoyo.osdn.jp/2.5/policy-specification/index.html .
     31
     32Materials we prepared for seminars and symposiums are available at
     33https://osdn.jp/projects/tomoyo/docs/?category_id=532&language_id=1 .
     34Below lists are chosen from three aspects.
     35
     36What is TOMOYO?
     37  TOMOYO Linux Overview
     38    https://osdn.jp/projects/tomoyo/docs/lca2009-takeda.pdf
     39  TOMOYO Linux: pragmatic and manageable security for Linux
     40    https://osdn.jp/projects/tomoyo/docs/freedomhectaipei-tomoyo.pdf
     41  TOMOYO Linux: A Practical Method to Understand and Protect Your Own Linux Box
     42    https://osdn.jp/projects/tomoyo/docs/PacSec2007-en-no-demo.pdf
     43
     44What can TOMOYO do?
     45  Deep inside TOMOYO Linux
     46    https://osdn.jp/projects/tomoyo/docs/lca2009-kumaneko.pdf
     47  The role of "pathname based access control" in security.
     48    https://osdn.jp/projects/tomoyo/docs/lfj2008-bof.pdf
     49
     50History of TOMOYO?
     51  Realities of Mainlining
     52    https://osdn.jp/projects/tomoyo/docs/lfj2008.pdf
     53
     54What is future plan?
     55====================
     56
     57We believe that inode based security and name based security are complementary
     58and both should be used together. But unfortunately, so far, we cannot enable
     59multiple LSM modules at the same time. We feel sorry that you have to give up
     60SELinux/SMACK/AppArmor etc. when you want to use TOMOYO.
     61
     62We hope that LSM becomes stackable in future. Meanwhile, you can use non-LSM
     63version of TOMOYO, available at http://tomoyo.osdn.jp/1.8/ .
     64LSM version of TOMOYO is a subset of non-LSM version of TOMOYO. We are planning
     65to port non-LSM version's functionalities to LSM versions.