TOMOYO

From CBLFS
Revision as of 06:01, 6 October 2007 by Weibullguy (talk | contribs) (Tried to make it look presentable and fit the template.)
Jump to navigationJump to search
Download Patch (for 2.6.22 series Kernel): http://people.redhat.com/mingo/cfs-scheduler/sched-cfs-v2.6.22.9-v22.patch
Download Patch (for 2.6.22 series Kernel): http://osdn.dl.sourceforge.jp/tomoyo/27219/ccs-patch-1.5.0-20070920.tar.gz
Download Patch (for 2.6.23 series Kernel): http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi/trunk/2.1.x/tomoyo-lsm/patches.tar.gz?root=tomoyo&view=tar

Introduction to TOMOYO

The fundamental concept of TOMOYO Linux is "tracking process invocation history". TOMOYO Linux splits domains using "process invocation history" and the process transits to a different domain whenever execution of a program (i.e. do_execve()) is requested. By transiting to a different domain whenever execution of a program is requested, each domain will have the minimal permissions that are essential for processes in that domain to do their roles.

Project Homepage: http://tomoyo.sourceforge.jp/en/2.1.x/

Dependencies

Required

Non-Multilib or Multilib

2.6.22 Kernel

Modify the ccs-patch-1.5.0-20070920 patch:

8<=========== change for version ============>8
-EXTRAVERSION = .9-cfs-v22
+EXTRAVERSION = .9-cfs-v22-ccs
8<=========== chang for CFS v22 patch http://lkml.org/lkml/2007/9/26/97 ============>8
@@ -64,5 +64,8 @@
#include <asm/tlb.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
/*
* Scheduler clock - returns current time in nanosec units.
@@ -4060,6 +4063,9 @@ int can_nice(const struct task_struct *p
8<=======================>8

Patch the kernel source:

patch -p1 -i ../sched-cfs-v2.6.22.9-v22.patch &&
patch -p1 -i ccs-patch-2.6.22.txt

Compile and install a new TOMOYO aware kernel. Ensure you enable the TOMOYO features.

2.6.23 Kernel

Apply the patches to the kernel source:

for i in `cat patches/series`; do
    patch -p1 < patches/$i;
done

Compile and install a new TOMOYO aware kernel. Ensure you enable the TOMOYO features. Go to "Security options" screen and unselect "Default Linux Capabilities", "Root Plug Support", "NSA SELinux Support" and select "TOMOYO Linux support".

[*] Enable different security models
    < >   Default Linux Capabilities
    < >   Root Plug Support
[ ] NSA SELinux Support
[*] TOMOYO Linux support
Retrieved from "?title=TOMOYO&oldid=11347"