TOMOYO Linux is a Mandatory Access Control (MAC) implementation for Linux that can be used to increase the security of a system, while also being useful purely as a system analysis tool. It was launched in March 2003 and had been sponsored by NTT DATA Corporation, Japan until March 2012.
TOMOYO Linux focuses on the behaviour of a system. Every process is created to achieve a purpose, and like an immigration officer, TOMOYO Linux allows each process to declare behaviours and resources needed to achieve their purpose. When protection is enabled, TOMOYO Linux acts like an operation watchdog, restricting each process to only the behaviours and resources allowed by the administrator.
@ Add missing setattr() hook in SYAORAN fs.
The setattr() check for special inodes was missing.
@ Allow initrd.img to include /sbin/init.
Since version 1.0 loads policy when /sbin/init is called
for the first time, initrd.img without the policy directory
mustn't start /sbin/init. This forced users not to use
initrd.img that includes /sbin/init.
I modified it to delay loading policy if the policy directory
doesn't exist and wait for /sbin/init to be called again.
@ Use lookup_one_len() instead of lookup_hash().
Kernel 2.6.15 changed parameters for lookup_hash().
I modified it to use lookup_one_len() to keep compatibility.
@ Add S_ISDIR() check in SYAORAN fs.
A malicious configuration file that attempts to create an inode
under a non-directory inode caused a segmentation fault.