TOMOYO
Jump to navigation
Jump to search
TOMOYO is a security module which focuses on behavior of a system. A process is created to achieve something. TOMOYO lets each process declare behaviors and resources needed to achieve its purpose (like an immigration officer) and permits only declared behaviors and resources (like an operation watchdog). This approach made it possible for users to understand how a Linux system works. You can use TOMOYO as a system analysis tool as well as an access restriction tool.
Installation
Enable SECURITY_TOMOYO in the kernel config:
$ zgrep TOMOYO= /proc/config.gz CONFIG_SECURITY_TOMOYO=y
TOMOYO Tools
For TOMOYO 2.3 (Linux 2.6.36):
apt-get install libncurses5-dev help2man # Debian. Ubuntu yum install ncurses-devel help2man # Fedora, RedHat wget http://osdn.dl.sourceforge.jp/tomoyo/48663/tomoyo-tools-2.3.0-20100820.tar.gz wget http://osdn.dl.sourceforge.jp/tomoyo/48663/tomoyo-tools-2.3.0-20100820.tar.gz.asc gpg --recv-keys 4B975A98 gpg tomoyo-tools-2.3.0-20100820.tar.gz.asc tar -xzf tomoyo-tools-2.3.0-20100820.tar.gz cd tomoyo-tools patch -p1 < ~/tomoyo_install.diff sudo make install
Configuration
TBD...