TOMOYO Linux is a Mandatory Access Control (MAC) implementation for Linux that can be used to increase the security of a system, while also being useful purely as a system analysis tool. It was launched in March 2003 and had been sponsored by NTT DATA Corporation, Japan until March 2012.
TOMOYO Linux focuses on the behaviour of a system. Every process is created to achieve a purpose, and like an immigration officer, TOMOYO Linux allows each process to declare behaviours and resources needed to achieve their purpose. When protection is enabled, TOMOYO Linux acts like an operation watchdog, restricting each process to only the behaviours and resources allowed by the administrator.
Version 1.3 2006/11/11 First anniversary release.
The following program was redesigned.
checkpolicy:
A policy validator.
Reads policy from stdin and prints syntax errors with line numbers.
The following programs were added.
setprofile:
Assigns profiles to domains.
pathmatch:
Reads pathname patterns and expands them.
domainmatch:
fgrep for /proc/ccs/policy/domain_policy .
ccstree:
pstree with profile numbers and domain names.
patternize:
Reads domain policy and patternize pathnames.
proxy:
A tiny TCP port forwarder, binding to local port explicitly
to allow servers filter based on client's port numbers.
mailauth:
An example program for CERBERUS.
timeauth:
An example program for CERBERUS, similar to honey.
The following programs were removed.
If you need them, please take from version 1.2 .
"remount_rootfs" "linuxrc"
"dumplink" "dumpsymlink" "makelink" "makesymlink"
The following program for testing TOMOYO Linux's kernel was added.
"tomoyo_rewrite_test"
TOMOYO
Fork