diff --git a/Documentation/tomoyo.txt b/Documentation/tomoyo.txt new file mode 100644 index 0000000000000000000000000000000000000000..b3a232cae7f8d2bf41683cc32f15840b87467335 --- /dev/null +++ b/Documentation/tomoyo.txt @@ -0,0 +1,55 @@ +--- What is TOMOYO? --- + +TOMOYO is a name-based MAC extension (LSM module) for the Linux kernel. + +LiveCD-based tutorials are available at +http://tomoyo.sourceforge.jp/en/1.6.x/1st-step/ubuntu8.04-live/ +http://tomoyo.sourceforge.jp/en/1.6.x/1st-step/centos5-live/ . +Though these tutorials use non-LSM version of TOMOYO, they are useful for you +to know what TOMOYO is. + +--- How to enable TOMOYO? --- + +Build the kernel with CONFIG_SECURITY_TOMOYO=y and pass "security=tomoyo" on +kernel's command line. + +Please see http://tomoyo.sourceforge.jp/en/2.2.x/ for details. + +--- Where is documentation? --- + +User <-> Kernel interface documentation is available at +http://tomoyo.sourceforge.jp/en/2.2.x/policy-reference.html . + +Materials we prepared for seminars and symposiums are available at +http://sourceforge.jp/projects/tomoyo/docs/?category_id=532&language_id=1 . +Below lists are chosen from three aspects. + +What is TOMOYO? + TOMOYO Linux Overview + http://sourceforge.jp/projects/tomoyo/docs/lca2009-takeda.pdf + TOMOYO Linux: pragmatic and manageable security for Linux + http://sourceforge.jp/projects/tomoyo/docs/freedomhectaipei-tomoyo.pdf + TOMOYO Linux: A Practical Method to Understand and Protect Your Own Linux Box + http://sourceforge.jp/projects/tomoyo/docs/PacSec2007-en-no-demo.pdf + +What can TOMOYO do? + Deep inside TOMOYO Linux + http://sourceforge.jp/projects/tomoyo/docs/lca2009-kumaneko.pdf + The role of "pathname based access control" in security. + http://sourceforge.jp/projects/tomoyo/docs/lfj2008-bof.pdf + +History of TOMOYO? + Realities of Mainlining + http://sourceforge.jp/projects/tomoyo/docs/lfj2008.pdf + +--- What is future plan? --- + +We believe that inode based security and name based security are complementary +and both should be used together. But unfortunately, so far, we cannot enable +multiple LSM modules at the same time. We feel sorry that you have to give up +SELinux/SMACK/AppArmor etc. when you want to use TOMOYO. + +We hope that LSM becomes stackable in future. Meanwhile, you can use non-LSM +version of TOMOYO, available at http://tomoyo.sourceforge.jp/en/1.6.x/ . +LSM version of TOMOYO is a subset of non-LSM version of TOMOYO. We are planning +to port non-LSM version's functionalities to LSM versions. diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index a0affd9cfca8ba6dba57c349d1f7e799c474c8cc..d4d41b3efc7c9f68ac786c1cae0ad8f1e0fe2c90 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c @@ -5,7 +5,7 @@ * * Copyright (C) 2005-2009 NTT DATA CORPORATION * - * Version: 2.2.0-pre 2009/02/01 + * Version: 2.2.0 2009/04/01 * */ @@ -1773,7 +1773,7 @@ void tomoyo_load_policy(const char *filename) envp[2] = NULL; call_usermodehelper(argv[0], argv, envp, 1); - printk(KERN_INFO "TOMOYO: 2.2.0-pre 2009/02/01\n"); + printk(KERN_INFO "TOMOYO: 2.2.0 2009/04/01\n"); printk(KERN_INFO "Mandatory Access Control activated.\n"); tomoyo_policy_loaded = true; { /* Check all profiles currently assigned to domains are defined. */ @@ -1800,7 +1800,7 @@ void tomoyo_load_policy(const char *filename) static int tomoyo_read_version(struct tomoyo_io_buffer *head) { if (!head->read_eof) { - tomoyo_io_printf(head, "2.2.0-pre"); + tomoyo_io_printf(head, "2.2.0"); head->read_eof = true; } return 0; diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index e77e6a6de0f2188f402bf7643f382eaf9f2fdf8a..678f4ff16aa4477eb7b6f4e44d744dc6aac4f932 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h @@ -5,7 +5,7 @@ * * Copyright (C) 2005-2009 NTT DATA CORPORATION * - * Version: 2.2.0-pre 2009/02/01 + * Version: 2.2.0 2009/04/01 * */ diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c index 2f2b449ffd2d9acb99da207b64fd1b5b4d85d5ce..2d6748741a26e4f08e28872d79d846d06e07c6c7 100644 --- a/security/tomoyo/domain.c +++ b/security/tomoyo/domain.c @@ -5,7 +5,7 @@ * * Copyright (C) 2005-2009 NTT DATA CORPORATION * - * Version: 2.2.0-pre 2009/02/01 + * Version: 2.2.0 2009/04/01 * */ diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 65f50c1c5ee97aa10eec4607589089bb42231766..2316da8ec5bcaf13485aca9f93bdd0e01b171107 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c @@ -5,7 +5,7 @@ * * Copyright (C) 2005-2009 NTT DATA CORPORATION * - * Version: 2.2.0-pre 2009/02/01 + * Version: 2.2.0 2009/04/01 * */ diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c index 3bbe01a7a4b5cd9eaa713760bc4a4423d07eb884..bf8e2b451687fac607d109147c16284375093c09 100644 --- a/security/tomoyo/realpath.c +++ b/security/tomoyo/realpath.c @@ -5,7 +5,7 @@ * * Copyright (C) 2005-2009 NTT DATA CORPORATION * - * Version: 2.2.0-pre 2009/02/01 + * Version: 2.2.0 2009/04/01 * */ diff --git a/security/tomoyo/realpath.h b/security/tomoyo/realpath.h index 7ec9fc9cbc071f9f7d7d89264e84ee0ac916da3a..78217a37960b2e293afaae73d7bf749fe45e1ba3 100644 --- a/security/tomoyo/realpath.h +++ b/security/tomoyo/realpath.h @@ -5,7 +5,7 @@ * * Copyright (C) 2005-2009 NTT DATA CORPORATION * - * Version: 2.2.0-pre 2009/02/01 + * Version: 2.2.0 2009/04/01 * */ diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 3eeeae12c4dcde1569e9b809bc97aa6dbf07d464..5b481912752a91e10199cef23f664d76454ec751 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -5,7 +5,7 @@ * * Copyright (C) 2005-2009 NTT DATA CORPORATION * - * Version: 2.2.0-pre 2009/02/01 + * Version: 2.2.0 2009/04/01 * */ diff --git a/security/tomoyo/tomoyo.h b/security/tomoyo/tomoyo.h index a0c8f6e0bea4e7b947c2b0247c16a6b5f2238aa3..41c6ebafb9c561ad203cc52cef886378e01309e7 100644 --- a/security/tomoyo/tomoyo.h +++ b/security/tomoyo/tomoyo.h @@ -5,7 +5,7 @@ * * Copyright (C) 2005-2009 NTT DATA CORPORATION * - * Version: 2.2.0-pre 2009/02/01 + * Version: 2.2.0 2009/04/01 * */