Download List

Sponsored link

Project Description

TOMOYO Linux is a Mandatory Access Control (MAC) implementation for Linux that can be used to increase the security of a system, while also being useful purely as a system analysis tool. It was launched in March 2003 and had been sponsored by NTT DATA Corporation, Japan until March 2012.

TOMOYO Linux focuses on the behaviour of a system. Every process is created to achieve a purpose, and like an immigration officer, TOMOYO Linux allows each process to declare behaviours and resources needed to achieve their purpose. When protection is enabled, TOMOYO Linux acts like an operation watchdog, restricting each process to only the behaviours and resources allowed by the administrator.

System Requirements

System requirement is not defined

Released at 2007-04-01 00:00
ccs-patch 1.4-20070401 (2 files Hide)

Release Notes

No Release Notes

Changelog

Fix 2007/02/20

@ Allow address grouping.

To reduce the labor of repeating similar IPv4/IPv6 addresses,
I introduced a macro 'address_group' to make group such addresses.
For example, you had to give like

allow_network TCP accept 10.0.0.0-10.255.255.255 1024-65535
allow_network TCP accept 172.16.0.0-172.31.255.255 1024-65535
allow_network TCP accept 192.168.0.0-192.168.255.255 1024-65535

but now, you can give just

allow_network TCP accept @localnet 1024-65535

if you give

address_group localnet 10.0.0.0-10.255.255.255
address_group localnet 172.16.0.0-172.31.255.255
address_group localnet 192.168.0.0-192.168.255.255

in the exception policy.

Fix 2007/03/03

@ Remove obsolete functions.

@ Add some hooks.

Read permission check is done if open_exec()
is called from search_binary_handler().
Read permission check is not done if open_exec()
is called from do_execve(), instead,
execute permission check is done at
search_binary_handler_with_transition().

I moved the location of calling CheckCapabilityACL()
and CheckMountPermission() from sys_mount() to do_mount().

Fix 2007/03/07

@ Use 'unsigned int' for sscanf().

I compiled SYAORAN fs on x86_64 environment and found
the compiler showing warning messages about size of data types.
Since size of data types may mismatch for sscanf(),
I replaced some types with 'unsigned int'.

Version 1.4 2007/04/01 x86_64 support release.