Info: Version 1.3 is available.
Last modified: $Date: 2013-03-04 22:48:51 +0900 (Mon, 04 Mar 2013) $
Q1: What is TOMOYO Linux?
A1: A Linux kernel that can automatically generate policies for Mandatory Access Control.
Q2: Who are the target users?
A2: Administrators who cannot spend much effort on server security management.
Q3: What are the target systems?
A3: Systems other than desktops (i.e. servers and embedded systems).
Q4: Is the X environment supported?
A4: Currently there is no plan to support it.
Q5: How much extra memory is consumed?
A5: The fixed part (code and data in the kernel) is about 80 KB; the variable part (access permissions) is a few hundred KB.
Q6: How large is the performance loss?
A6: Not tested formally, but users won't notice it.
Q7: Which kernel versions are supported?
A7: 2.4.30 and later, and 2.6.11 and later, as downloadable from https://www.kernel.org/.
Q8: Is it possible to support patched kernels from distributors?
A8: Yes, if you manually insert the hooks.
Q9: What is the license?
A9: It is GPL.
Q10: Does TOMOYO Linux have any usage other than Mandatory Access Control?
A10: You can create custom filesystem images with the minimum set of files.
Q1: Is the policy syntax easy?
A1: Yes, it's very easy.
Q2: Can I update policies dynamically?
A2: Yes, but memory used by old policies is not freed.
Q3: Will processes that refer to old policies crash when policies are updated?
A3: No, processes won't crash because the old policies remain in the kernel.
Q4: Do I need to restart processes after updating policies?
A4: No, processes will automatically refer to the new policies.
Q5: What measures are there against policy tampering?
A5: Restrict which programs can modify policies, and restrict which domains can execute those programs.
Q6: What is a domain?
A6: A domain in TOMOYO Linux is the execution history of a process.
Q7: How can I edit policies?
A7: CUI editors are included. You may also use any text editor.
Q8: What is "ACCEPT mode"?
A8: A mode in which access permissions are appended automatically.
Q9: Aren't there problems with appending access permissions automatically?
A9: Almost none, because TOMOYO Linux uses absolute pathnames and fine-grained domain divisions.
Q10: Can I update packages while the Mandatory Access Control is enabled?
A10: Please do it in the "trusted domain", to which Mandatory Access Control for domains is not applied.
Q11: Can I protect only daemon processes like SELinux's Targeted Policy?
A11: Yes.
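
The domain and ACCEPT-mode answers above (A6, A8 and A9) can be modelled in a few lines. This is an added example, not TOMOYO Linux code or policy syntax; the class name, the `<kernel>` root label and all pathnames are constructed for illustration.

```python
# Toy model of the ideas in the answers above; not TOMOYO Linux code or policy syntax.
ROOT = ("<kernel>",)  # assumed label for the initial domain in this model


class ToyMac:
    def __init__(self):
        self.policy = {}      # domain (tuple of pathnames) -> {(operation, pathname)}
        self.accept = True    # True: ACCEPT mode (learn); False: enforce

    def check(self, domain, op, path):
        """Return True if `domain` may perform `op` on the absolute `path`."""
        if not path.startswith("/"):
            raise ValueError("security labels are absolute pathnames")
        granted = self.policy.setdefault(domain, set())
        if (op, path) in granted:
            return True
        if self.accept:       # ACCEPT mode appends the missing permission
            granted.add((op, path))
            return True
        return False

    def execute(self, domain, program):
        """exec() moves the process to a domain named by its execution history."""
        if not self.check(domain, "execute", program):
            raise PermissionError(f"{' '.join(domain)} may not execute {program}")
        return domain + (program,)


def demo():
    mac = ToyMac()
    # Learning run (constructed sample activity): the same shell, two histories.
    ssh_sh = mac.execute(mac.execute(ROOT, "/usr/sbin/sshd"), "/bin/sh")
    web_sh = mac.execute(mac.execute(ROOT, "/usr/sbin/httpd"), "/bin/sh")
    mac.check(ssh_sh, "read", "/home/alice/notes.txt")
    mac.check(web_sh, "read", "/var/www/cgi-bin/data.txt")
    mac.accept = False        # stop learning, start enforcing
    return {
        "ssh_sh_domain": " ".join(ssh_sh),
        "ssh_reads_notes": mac.check(ssh_sh, "read", "/home/alice/notes.txt"),
        "web_reads_notes": mac.check(web_sh, "read", "/home/alice/notes.txt"),
        "web_runs_passwd": mac.check(web_sh, "execute", "/usr/bin/passwd"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

Because /bin/sh reached through sshd and /bin/sh reached through httpd are different domains, a permission learned in one history is not granted to the other once enforcement starts.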
Q1: What is the security model of TOMOYO Linux?
A1: Only DTE.
Q2: Are there concepts of users and roles?
A2: No, but it's possible to delegate a part of administration tasks.
Q3: Is patching of userland applications required?
A3: No.
Q4: TOMOYO Linux can't protect sshd from exploit code, can it?
A4: No, but it's possible to counter illegal logins by enforcing additional authentication.
Q5: Under which TCSEC division is TOMOYO Linux categorized?
A5: I don't know.
Q6: What security labels does TOMOYO Linux use?
A6: TOMOYO Linux uses absolute pathnames as security labels.
Q7: Can I use wildcards for pathnames?
A7: Yes.
Q8: Is MLS supported?
A8: No. Save files in different directories according to their sensitivity level.
Q9: Are there functions like LIDS's stateful ACL?
A9: No.
Q10: Is the correctness of security labels guaranteed?
A10: Since pathnames are used as security labels, the correctness of security labels is guaranteed unless the directory entry gets corrupted.
Q11: Are resources other than files protected?
A11: TOMOYO Linux supports network ports, signal transmissions, capabilities, etc.
Q12: Are device files protected from being tampered with?
A12: You can use a tamper-proof /dev filesystem.
Q13: Are there other functions?
A13: TOMOYO Linux can restrict operations that affect the whole system.
Q14: Why not use LSM?
A14: I can't, for the current specification of LSM doesn't pass the parameters that TOMOYO Linux needs.