Jump to content

Main menu Navigation ●Main page ●Contents ●Current events ●Random article ●About Wikipedia ●Contact us ●Donate Contribute ●Help ●Learn to edit ●Community portal ●Recent changes ●Upload file

●Create account ●Log in ●Create account ● Log in Pages for logged out editors learn more ●Contributions ●Talk

(Top) 1 Overview 2 Features 3 History and versions 4 Naming 5 References 6 External links

Tomoyo Linux

●Boarisch ●Deutsch ●Español ●한국어 ●Italiano ●日本語 ●Norsk bokmål ●Русский Edit links ●Article ●Talk ●Read ●Edit ●View history Tools Actions ●Read ●Edit ●View history General ●What links here ●Related changes ●Upload file ●Special pages ●Permanent link ●Page information ●Cite this page ●Get shortened URL ●Download QR code ●Wikidata item Print/export ●Download as PDF ●Printable version In other projects ●Wikimedia Commons Appearance From Wikipedia, the free encyclopedia

This article needs additional citations for verification. Please help improve this articlebyadding citations to reliable sources. Unsourced material may be challenged and removed.
Find sources: "Tomoyo Linux" – news · newspapers · books · scholar · JSTOR (September 2010) (Learn how and when to remove this message)

Tomoyo Linux

Tomoyo Linux 2.x Domain Policy Editor
Original author(s)	NTT Data Corporation
Repository	svn.osdn.net/svnroot/tomoyo/
Operating system	Linux
Type	Mandatory access control
License	GPLv2
Website	tomoyo.osdn.jp

Tomoyo Linux (stylised as TOMOYO Linux) is a Linux kernel security module which implements mandatory access control (MAC).

Overview[edit]

Tomoyo Linux is a MAC implementation for Linux that can be used to increase the security of a system, while also being useful purely as a systems analysis tool. It was launched in March 2003 and was sponsored by NTT Data Corporation until March 2012.^[1]

Tomoyo Linux focuses on system behaviour. Tomoyo Linux allows each process to declare behaviours and resources needed to achieve their purpose. When protection is enabled, Tomoyo Linux restricts each process to the behaviours and resources allowed by the administrator.

Features[edit]

The main features of Tomoyo Linux include:

System analysis
Increased security through Mandatory Access Control
Automatic policy generation
Simple syntax
Ease of use

History and versions[edit]

Tomoyo was merged in Linux Kernel mainline version 2.6.30 (2009, June 10)/^[2] It is currently one of four standard Linux Security Modules (LSM), along with SELinux, AppArmor and SMACK.

The Tomoyo Linux project started as a patch for the Linux kernel to provide MAC. Porting Tomoyo Linux to the mainline Linux kernel required the introduction of hooks^[3] into the LSM that had been designed and developed specifically to support SELinux and its label-based approach.

However, more hooks are needed to integrate the remaining MAC functionality of Tomoyo Linux. Consequently, the project is following two parallel development lines:

Tomoyo Linux 1.x, original version

uses purposely created non-standard hooks

fully featured MAC

released as a patch for Linux kernel – Since this version 1.x does not depend on LSM, it can be used with Linux kernel 2.6 (starting from version 2.6.11) as well as 2.4.

latest version: 1.7.1

Tomoyo Linux 2.x, mainline version

uses standard LSM hooks
fewer features
integral part of Linux kernel version 2.6.30
latest version: 2.5.0 included in Linux kernel 3.2

Akari (stylised as AKARI), Tomoyo 1.x fork

uses standard LSM hooks
fewer features than Tomoyo 1.x, but more than Tomoyo 2.x
released as LKM (Loadable Kernel Module), so no recompilation of the kernel is necessary

Naming[edit]

The name 'TOMOYO' is, officially speaking, a backronym for "Task Oriented Management Obviates Your Onus". According to one of the developers Tetsuo Handa, it's also a reference to the character Tomoyo Daidouji from Cardcaptor Sakura.^[4]