Download List

Project Description

TOMOYO Linux is a Mandatory Access Control (MAC) implementation for Linux that can be used to increase the security of a system, while also being useful purely as a system analysis tool. It was launched in March 2003 and had been sponsored by NTT DATA Corporation, Japan until March 2012.

TOMOYO Linux focuses on the behaviour of a system. Every process is created to achieve a purpose, and like an immigration officer, TOMOYO Linux allows each process to declare behaviours and resources needed to achieve their purpose. When protection is enabled, TOMOYO Linux acts like an operation watchdog, restricting each process to only the behaviours and resources allowed by the administrator.

System Requirements

System requirement is not defined

Released at 2006-06-02 21:22
ccs-patch 1.1.2-20060602 (1 files Hide)

Release Notes

No Release Notes

Changelog

Fix 2006/05/16

@ Support program files aggregation.

Until now, programs that have no fixed names and their
parent programs had to be run in a trusted domain
since it is impossible to use patterns for granting
execute permission and defining domains.
I introduced a mechanism to aggregate similar programs
using 'aggregator' directive.
Some examples:

'aggregator /tmp/logrotate.\?\?\?\?\?\? /tmp/logrotate.tmp'
to run all temporary programs for logrotate as /tmp/logrotate.tmp

'aggregator /usr/bin/tac /bin/cat'
to run /usr/bin/tac and /bin/cat as /bin/cat

Fix 2006/05/18

@ Unlimit max count for audit log.

I forgot to replace MAX_GRANT_LOG and MAX_REJECT_LOG with INT_MAX
so that administrators can give any size for audit logs at runtime.

Fix 2006/05/22

@ Support individual domain ACL removal.

Until now, to remove ACLs from a domain, administrator had to
once delete and recreate that domain, which wastes a lot of memory.
I introduced a mechanism to remove domain ACL without deleting and
recreating domains.
Administrator can delete domains or remove ACLs from domains
via /proc/ccs/policy/domain_policy .
/proc/ccs/policy/delete_domain and /proc/ccs/policy/update_domain
were removed.

Fix 2006/05/30

@ Add missing spinlock in SAKURA_MayMount().

vfsmount_lock was missing.

Version 1.1.2 2006/06/02 Functionality enhancement release.