Info: Version 1.4.1 is available.

TOMOYO Linux FAQ

Last modified: $Date: 2013-03-04 22:48:51 +0900 (Mon, 04 Mar 2013) $


General

Q1: What is TOMOYO Linux?

A1: A Linux kernel that can automatically generate policies for Mandatory Access Control.

Q2: Who are the target users?

A2: Administrators who can't spend their energy on server security management.

Q3: How much extra memory is consumed?

A3: The fixed part (code and data in the kernel) is about 100 KB; the variable part (access permissions) is a few hundred KB.

Q4: How large is the performance loss?

A4: Not formally tested, but users won't notice it.

Q5: Which kernel versions are supported?

A5: 2.4.30 and later, and 2.6.11 and later, as downloadable from https://www.kernel.org/.

Q6: Is it possible to support patched kernels from distributors?

A6: Yes, if you manually insert the hooks.

Q7: What is the license?

A7: It is GPL.

Q8: Does TOMOYO Linux have any usage other than Mandatory Access Control?

A8: You can create custom filesystem images with a minimal set of files.


Policy Management

Q1: Is the policy syntax easy?

A1: Yes, it's very easy.

Q2: What is a domain?

A2: The domain in TOMOYO Linux is a history of process execution.

Q3: What is a profile?

A3: The profile in TOMOYO Linux is a configuration that defines what kind of MAC to use and what level to apply.

Q4: Can I update policies dynamically?

A4: Yes, but memory used by old policies is not freed.

Q5: Do I need to restart processes after updating policies?

A5: No, unless you delete a domain and recreate it.

Q6: Will processes that refer to old policies crash when policies are updated?

A6: No, processes won't crash because the old policies remain in the kernel.

Q7: What measures are there against policy tampering?

A7: Restrict which programs or domains can modify policies.

Q8: How can I edit policies?

A8: CUI editors are included. You may also use any text editor.

Q9: What is "ACCEPT mode"?

A9: A mode in which access permissions are appended automatically.

Q10: Aren't there problems with appending access permissions automatically?

A10: Almost none, because TOMOYO Linux uses absolute pathnames and fine-grained domain divisions.

Q11: Can I update packages while the Mandatory Access Control is enabled?

A11: Yes. You can do it by assigning different profiles to domains.

Q12: Can I protect only daemon processes like SELinux's Targeted Policy?

A12: Yes. You can do it by assigning different profiles to domains.
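
The following toy model is an added example, not TOMOYO Linux code or its policy syntax. It illustrates the answers above: a domain as a history of process execution, ACCEPT mode appending permissions automatically, and different profiles assigned to different domains. The `<kernel>` root label, the class and function names, and all pathnames are assumptions constructed for illustration.

```python
# Toy model only: constructed for illustration, not TOMOYO Linux's implementation.
from collections import defaultdict

ROOT = "<kernel>"  # assumed label for the start of every execution history


class ToyMac:
    def __init__(self):
        self.acl = defaultdict(set)  # domain -> {(operation, absolute pathname)}
        self.enforcing = set()       # domains whose profile enforces; the rest learn

    @staticmethod
    def exec_domain(domain, program):
        """Executing a program extends the history, giving a new domain."""
        return domain + (program,)

    def check(self, domain, op, path):
        if (op, path) in self.acl[domain]:
            return True                   # already granted to this domain
        if domain in self.enforcing:
            return False                  # enforcing profile: reject unknown access
        self.acl[domain].add((op, path))  # ACCEPT mode: append the permission
        return True


def name(domain):
    """Render a domain as its execution history."""
    return " ".join(domain)


def demo():
    mac = ToyMac()
    init = (ROOT, "/sbin/init")
    # The same shell reached through two different histories is two domains.
    ssh_shell = mac.exec_domain(mac.exec_domain(init, "/usr/sbin/sshd"), "/bin/bash")
    cgi_shell = mac.exec_domain(mac.exec_domain(init, "/usr/sbin/httpd"), "/bin/bash")
    # Learning phase: each domain records only what it actually did.
    mac.check(ssh_shell, "read", "/etc/passwd")
    mac.check(cgi_shell, "read", "/var/www/data/counter")
    # Assign an enforcing profile to the web-facing domain only.
    mac.enforcing.add(cgi_shell)
    return {
        "cgi_learned": mac.check(cgi_shell, "read", "/var/www/data/counter"),
        "cgi_passwd": mac.check(cgi_shell, "read", "/etc/passwd"),
        "ssh_passwd": mac.check(ssh_shell, "read", "/etc/passwd"),
        "ssh_new": mac.check(ssh_shell, "read", "/etc/hosts"),
    }


if __name__ == "__main__":
    print(demo())
```

Because permissions are keyed by the whole history, what the shell learned under sshd is never granted to the shell started by httpd, which is why automatic appending stays narrow.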


Implementation

Q1: What is the security model of TOMOYO Linux?

A1: Only DTE.

Q2: Are there concepts of users and roles?

A2: No, but it's possible to delegate part of the administration tasks.

Q3: Is patching of userland applications required?

A3: No.

Q4: TOMOYO Linux can't protect sshd from exploit code, can it?

A4: No, but it's possible to counter illegal logins by enforcing additional authentication.

Q5: Which TCSEC division does TOMOYO Linux fall into?

A5: I don't know.

Q6: What security labels does TOMOYO Linux use?

A6: TOMOYO Linux uses absolute pathnames as security labels.

Q7: Can I use wildcards for pathnames?

A7: Yes.

Q8: Is MLS supported?

A8: No. Save files in different directories according to their sensitivity level.

Q9: Are there functions like LIDS's stateful ACL?

A9: No.

Q10: Is the correctness of security labels guaranteed?

A10: Since pathnames are used as security labels, the correctness of security labels is guaranteed unless the directory entry gets corrupted.

Q11: Are resources other than files protected?

A11: TOMOYO Linux supports network ports, signal transmission, capabilities, etc.

Q12: Are device files protected from being tampered with?

A12: You can use a tamper-proof /dev filesystem.

Q13: Are there other functions?

A13: TOMOYO Linux can restrict operations that affect the whole system.

Q14: Why not use LSM?

A14: I can't, because the current specification of LSM doesn't pass the parameters that TOMOYO Linux needs.

