Info: Version 1.4.x is available.

TOMOYO Linux kernel compilation

Last modified: $Date: 2013-03-04 22:48:51 +0900 (Mon, 04 Mar 2013) $

TOMOYO Linux provides some binary kernel packages, but if your CPU architecture differs or you want to customize the kernel configuration, you need to compile the kernel yourself. To compile the kernel, the following packages are needed.

TOMOYO Linux can enable functions selectively. Choose "File systems" in menuconfig and scroll to the bottom, and you will see the following options.

Refer to the descriptions below and choose the options you want to support.

Controlling read/write/execute for files.

This function restricts the files and directories that programs can access.

The granularity is defined as follows.

Permission        Access granted by the permission
1                 Execute the program.
2                 Open the file for writing.
3                 Open the file for writing. / Execute the program.
4                 Open the file for reading.
5                 Open the file for reading. / Execute the program.
6                 Open the file for reading and writing.
7                 Open the file for reading and writing. / Execute the program.
allow_create      Create the file.
allow_unlink      Delete the file.
allow_mkdir       Create the directory.
allow_rmdir       Remove the directory.
allow_mkfifo      Create the FIFO.
allow_mksock      Create the UNIX domain socket.
allow_mkblock     Create the block device file.
allow_mkchar      Create the character device file.
allow_truncate    Truncate or expand the file.
allow_symlink     Create the symbolic link.
allow_link        Create the hard link.
allow_rename      Rename the file.
allow_rewrite     Overwrite already written part.

To enable this function, choose the following options.

  • [*] TOMOYO (Domain-Based Mandatory Access Control) support
  • [*]   File Access Control support

This function is essential for restricting domain transitions of TOMOYO Linux. If you don't enable this function, "TOMOYO (Domain-Based Mandatory Access Control) support" can't work properly because it is impossible to restrict domain transitions.

Controlling use of capabilities.

This function restricts capabilities allowed for programs.

The capabilities used by standard Linux are called "POSIX capabilities". Since the number of capability kinds is limited to 32, some capabilities (especially CAP_SYS_ADMIN) tend to be used for many purposes, which makes fine-grained capability checking impossible. Therefore, TOMOYO Linux doesn't control POSIX capabilities. The capabilities used by TOMOYO Linux are defined by its own criteria.

The granularity is defined as follows.

Capability            Operations granted by the capability
inet_tcp_create       Use of TCP socket.
inet_tcp_listen       Listening TCP socket.
inet_tcp_connect      Connecting TCP socket.
use_inet_udp          Use of UDP socket.
use_inet_ip           Use of RAW socket.
use_route             Use of ROUTE socket.
use_packet            Use of PACKET socket.
use_kernel_module     Use of kernel modules.
create_fifo           Creating FIFO.
create_block_dev      Creating block device file.
create_char_dev       Creating character device file.
create_unix_socket    Creating UNIX domain socket.
SYS_MOUNT             Mounting filesystem.
SYS_UMOUNT            Unmounting filesystem.
SYS_REBOOT            Rebooting the system.
SYS_CHROOT            Changing the "/" directory.
SYS_KILL              Sending signals.
SYS_VHANGUP           Use of vhangup.
SYS_TIME              Setting system's clock.
SYS_NICE              Setting process priority.
SYS_SETHOSTNAME       Setting hostname or domainname.
SYS_LINK              Creating hard link.
SYS_SYMLINK           Creating symbolic link.
SYS_RENAME            Renaming file.
SYS_UNLINK            Deleting file.
SYS_CHMOD             Changing file's permissions.
SYS_CHOWN             Changing file's owner or group.
SYS_IOCTL             Use of ioctl.
SYS_KEXEC_LOAD        Loading new kernel.
SYS_PIVOT_ROOT        Exchanging the "/" directory.

To enable this function, choose the following options.

  • [*] TOMOYO (Domain-Based Mandatory Access Control) support
  • [*]   Capability Control support

Controlling use of TCP/IP networking

This function restricts the IP addresses and port numbers that programs can use.

You can use this function, for example, to allow UDP communication with the DNS server's IP address and port 53 and/or to restrict the range of acceptable IP addresses for the SSH server.

To enable this function, choose the following options.

  • [*] TOMOYO (Domain-Based Mandatory Access Control) support
  • [*]   Network Address Port Control support

Controlling use of signal numbers and destination domains

This function restricts the combination of signal numbers and destination domains programs can use.

You can use this function to prevent crackers from sending arbitrary signals to arbitrary processes to terminate arbitrary services.

To enable this function, choose the following options.

  • [*] TOMOYO (Domain-Based Mandatory Access Control) support
  • [*]   Signal Control support

Limit passing different names on program execution

This function limits passing different names on program execution.

When a program is executed, the name of the program and its parameters are passed as an array of strings called argv[]. The first element (argv[0]) contains the name of the program.
Some programs behave differently depending on the content of argv[0]. For such programs, the actual behavior is determined by the content of argv[0], while the actual domain transition is determined by the pathname of the program.
This mismatch lets crackers intentionally pass different values for the pathname of the program and argv[0] to cause unexpected behavior. You can use this function to limit the acceptable combinations of the pathname of the program and argv[0] when the two differ.

To enable this function, choose the following options.

  • [*] TOMOYO (Domain-Based Mandatory Access Control) support
  • [*]   argv[0] checker support

Controlling "the combination of device files and mount points and filesystems" and applying "specific mount options" forcefully

In Linux, arbitrary filesystems can be mounted on arbitrary directories if the process has the administrator's privileges. This means that if a process with the administrator's privileges has been hijacked, tmpfs may be mounted on the /bin/ directory to replace normal programs with malicious programs, or on the /var/www/ directory to shadow WWW contents.

If you enable TOMOYO Linux's capability control, you can restrict the domains that can perform mount operations. But a domain that is given the capability can perform arbitrary mount operations, which is not desirable.

You can use this function to restrict the combination of device files and mount points and filesystems.

This function can also forcefully apply specific mount options. For example, if you specify that the nodev option is enforced for the /tmp/ partition to prevent access to device files, the kernel will mount it with the nodev option applied even if the user requested the dev option.

To enable this function, choose the following options.

  • [*] SAKURA (Domain-Free Mandatory Access Control) support
  • [*]   mount() restriction support

Forbidding unmounting specific directories.

In Linux, arbitrary mount points can be unmounted if the process has the administrator's privileges. This means that if a process with the administrator's privileges has been hijacked, proc filesystem mounted on /proc/ directory may be unmounted to cause application malfunction.

If you enable TOMOYO Linux's capability control, you can restrict the domains that can perform unmount operations. But a domain that is given the capability can perform arbitrary unmount operations, which is not desirable.

You can use this function to prevent specific mount points from being unmounted.

To enable this function, choose the following options.

  • [*] SAKURA (Domain-Free Mandatory Access Control) support
  • [*]   umount() restriction support

Rejecting mount requests that will shadow existing mount points

In Linux, it is possible to mount on a mount point that is already mounted on if the process has the administrator's privileges. This means that if a process with the administrator's privileges has been hijacked, tmpfs can be mounted on the /var/ partition that is already mounted, causing application malfunction.

If you enable TOMOYO Linux's capability control, you can restrict the domains that can perform mount operations. But a domain that is given the capability can perform arbitrary mount operations, which is not desirable.

You can use this function to reject mount requests that will shadow existing mount points.

To enable this function, choose the following options.

  • [*] SAKURA (Domain-Free Mandatory Access Control) support
  • [*]   Conceal mount disabler support

Restricting directories that are allowed to chroot to

In Linux, it is possible to chroot to arbitrary directories if the process has the administrator's privileges. This means that if a process with the administrator's privileges has been hijacked, the cracker can chroot to an inappropriate directory to cause application malfunction.

If you enable TOMOYO Linux's capability control, you can restrict the domains that can perform chroot operations. But a domain that is given the capability can perform arbitrary chroot operations, which is not desirable.

You can use this function to restrict the directories that processes are allowed to chroot to.

To enable this function, choose the following options.

  • [*] SAKURA (Domain-Free Mandatory Access Control) support
  • [*]   chroot() restriction support

Restricting directories that are allowed to pivot_root

While chroot moves "/" directory, pivot_root exchanges "/" directory. In many cases, pivot_root is used only once on boot, and is seldom used after boot.

You can use this function to restrict the directories that pivot_root is allowed to exchange.

To enable this function, choose the following options.

  • [*] SAKURA (Domain-Free Mandatory Access Control) support
  • [*]   pivot_root() restriction support

Restricting local port ranges for automatic assignment for TCP/IP networking

In Linux, an unused local port number within the range defined in /proc/sys/net/ipv4/ip_local_port_range is assigned when a process calls bind() with port number 0 or calls connect() without bind(). But only the minimal and maximal values can be controlled by /proc/sys/net/ipv4/ip_local_port_range, and there is no function to exclude specific values.

For example, even if you want to reserve local port 8080 for a proxy server program, if /proc/sys/net/ipv4/ip_local_port_range has the values 1024 65535, port 8080 can be assigned to other programs by automatic local port number assignment. You won't be able to start the proxy server since port 8080 is already in use. Also, clients that want to connect to the proxy server program will connect to port 8080, but they will be connected to a program other than the proxy server.

You can use this function to exclude specific local port numbers from automatic local port number assignment (which is equivalent to allowing multiple ranges to be defined in /proc/sys/net/ipv4/ip_local_port_range).

To enable this function, choose the following options.

  • [*] SAKURA (Domain-Free Mandatory Access Control) support
  • [*]   Autobind restriction support

Device filesystem that can ensure device's attributes

There are many device files in the /dev directory. It is mandatory for system security that the device files are always associated with the correct devices. For example, if /dev/null exists with major-8-0 (/dev/sda) attributes instead of char-1-3, the contents of the SCSI HDD will be destroyed at once. Also, if /dev/null exists as a regular file, this may cause an information leak.

Therefore, by mounting SYAORAN filesystem that can enforce the combinations of filenames and attributes on /dev/ directory, you can ensure, for example, /dev/null always exists with char-1-3 attributes.

To enable this function, choose the following options.

  • <m> SYAORAN (Tamper-Proof Device Filesystem) support

If you are using udev, udev will automatically mount tmpfs on the /dev/ directory and the previously mounted SYAORAN filesystem gets shadowed. To prevent such mounts, choose the following options too if you are using udev.

  • [*] SAKURA (Domain-Free Mandatory Access Control) support
  • [*]   Conceal mount disabler support
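
A userspace audit of the property SYAORAN enforces in the kernel, as an added example that is not part of the TOMOYO Linux documentation: it compares device nodes against an expected type/major/minor table and reports, for instance, a /dev/null that is a regular file or carries the wrong numbers. The table format and the function names are assumptions made for this example, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: audit device nodes against an expected (type, major, minor) table.
# Function names and the table format are constructed for this illustration.

# dev_attrs PATH
# Prints "c MAJOR MINOR" or "b MAJOR MINOR" for a device node,
# "other (TYPE)" for anything else, or "missing" if PATH cannot be stat'ed.
dev_attrs() {
    # GNU stat: %F = file type, %t / %T = device major / minor in hex.
    # Symbolic links are not followed, so a symlink is reported as "other".
    da_out=$(LC_ALL=C stat -c '%F|%t|%T' -- "$1" 2>/dev/null) || { echo "missing"; return 1; }
    da_type=${da_out%%|*}
    da_rest=${da_out#*|}
    da_hexmaj=${da_rest%%|*}
    da_hexmin=${da_rest#*|}
    da_maj=$((0x$da_hexmaj))
    da_min=$((0x$da_hexmin))
    case $da_type in
        'character special file') echo "c $da_maj $da_min" ;;
        'block special file')     echo "b $da_maj $da_min" ;;
        *)                        echo "other ($da_type)" ;;
    esac
}

# audit_devices
# Reads "PATH TYPE MAJOR MINOR" lines from stdin (TYPE is c or b, "#" starts
# a comment), prints one line per mismatch and returns 1 if any was found.
audit_devices() {
    ad_fail=0
    while read -r ad_path ad_type ad_maj ad_min; do
        case $ad_path in ''|'#'*) continue ;; esac
        ad_want="$ad_type $ad_maj $ad_min"
        ad_have=$(dev_attrs "$ad_path") || true
        if [ "$ad_have" != "$ad_want" ]; then
            echo "MISMATCH $ad_path: expected $ad_want, found $ad_have"
            ad_fail=1
        fi
    done
    return $ad_fail
}

# expected_devices
# Constructed sample table using the standard Linux numbers for these nodes.
expected_devices() {
    cat <<'EOF'
# path        type major minor
/dev/null     c    1     3
/dev/zero     c    1     5
/dev/full     c    1     7
/dev/random   c    1     8
/dev/urandom  c    1     9
/dev/tty      c    5     0
EOF
}

# Audit the live /dev directory.
expected_devices | audit_devices || echo "device audit: mismatches found" >&2
```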

The 2.6 kernels have a compilation option named CONFIG_DEBUG_INFO. If this option is enabled, the compiled code's size becomes about 10 times larger. Enabling this option consumes about 1 GB of extra disk space for /usr/src/ directory and about 300 MB of extra disk space for /lib/modules/ directory.
To save disk space, disable the following option.

Kernel hacking  --->
  [ ]   Compile the kernel with debug info

Choose the version you want to use from the following list.


Kernel 2.4.20-46.9.legacy for RedHat Linux 9

# Download and install kernel source.
wget http://ftp.riken.go.jp/Linux/fedoralegacy/redhat/9/updates/i386/kernel-source-2.4.20-46.9.legacy.i386.rpm
rpm -ivh kernel-source-2.4.20-46.9.legacy.i386.rpm
# Move to the source directory.
cd /usr/src/linux-2.4.20-46.9.legacy/
# Download and apply TOMOYO Linux patch.
wget -O ccs-patch-1.4.1-20070605.tar.gz 'http://sourceforge.jp/frs/redir.php?m=jaist&f=/tomoyo/25542/ccs-patch-1.4.1-20070605.tar.gz'
tar -zxf ccs-patch-1.4.1-20070605.tar.gz
patch -sp1 < ccs-patch-2.4.20-46.9.legacy.txt
# Remove all temporary files but configuration file.
mv .config config
make -s distclean
mv config .config
# Enable options for TOMOYO Linux.
make -s menuconfig
# Compile as usual.
make -s dep modules modules_install install

Kernel 2.6.12-2.3.legacy_FC3 for Fedora Core 3

# Download and install kernel source.
wget http://ftp.riken.go.jp/Linux/fedoralegacy/fedora/3/updates/SRPMS/kernel-2.6.12-2.3.legacy_FC3.src.rpm
rpm -ivh kernel-2.6.12-2.3.legacy_FC3.src.rpm
# Prepare for compilation.
rpmbuild -bp --target i586 /usr/src/redhat/SPECS/kernel-2.6.spec
mv /usr/src/redhat/BUILD/kernel-2.6.12/linux-2.6.12/ /usr/src/linux-2.6.12-2.3.legacy_FC3
# Move to the source directory.
cd /usr/src/linux-2.6.12-2.3.legacy_FC3/
# Modify version number.
sed -i 's/EXTRAVERSION = -prep/EXTRAVERSION = -2.3.legacy_FC3/' Makefile
# Download and apply TOMOYO Linux patch.
wget -O ccs-patch-1.4.1-20070605.tar.gz 'http://sourceforge.jp/frs/redir.php?m=jaist&f=/tomoyo/25542/ccs-patch-1.4.1-20070605.tar.gz'
tar -zxf ccs-patch-1.4.1-20070605.tar.gz
patch -sp1 < ccs-patch-2.6.12-2.3.legacy_FC3.txt
# Enable options for TOMOYO Linux.
make -s menuconfig
# Compile as usual.
make -s modules modules_install install

Kernel 2.6.17-1.2142_FC4 for Fedora Core 4

# Download and install kernel source.
wget http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/SRPMS/kernel-2.6.17-1.2142_FC4.src.rpm
rpm -ivh kernel-2.6.17-1.2142_FC4.src.rpm
# Prepare for compilation.
rpmbuild -bp --target i586 /usr/src/redhat/SPECS/kernel-2.6.spec
mv /usr/src/redhat/BUILD/kernel-2.6.17/linux-2.6.17/ /usr/src/linux-2.6.17-1.2142_FC4
# Move to the source directory.
cd /usr/src/linux-2.6.17-1.2142_FC4/
# Modify version number.
sed -i 's/EXTRAVERSION = -prep/EXTRAVERSION = -1.2142_FC4/' Makefile
# Download and apply TOMOYO Linux patch.
wget -O ccs-patch-1.4.1-20070605.tar.gz 'http://sourceforge.jp/frs/redir.php?m=jaist&f=/tomoyo/25542/ccs-patch-1.4.1-20070605.tar.gz'
tar -zxf ccs-patch-1.4.1-20070605.tar.gz
patch -sp1 < ccs-patch-2.6.17-1.2142_FC4.txt
# Enable options for TOMOYO Linux.
make -s menuconfig
# Compile as usual.
make -s
make -s modules modules_install install

Kernel 2.6.20-1.2320.fc5 for Fedora Core 5

# Download and install kernel source.
wget http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/SRPMS/kernel-2.6.20-1.2320.fc5.src.rpm
rpm -ivh kernel-2.6.20-1.2320.fc5.src.rpm
# Prepare for compilation.
rpmbuild -bp --target i586 /usr/src/redhat/SPECS/kernel-2.6.spec
mv /usr/src/redhat/BUILD/kernel-2.6.20/linux-2.6.20.i586/ /usr/src/linux-2.6.20-1.2320.fc5
# Move to the source directory.
cd /usr/src/linux-2.6.20-1.2320.fc5/
# Modify version number.
sed -i 's/EXTRAVERSION = -prep/EXTRAVERSION = -1.2320.fc5/' Makefile
# Download and apply TOMOYO Linux patch.
wget -O ccs-patch-1.4.1-20070605.tar.gz 'http://sourceforge.jp/frs/redir.php?m=jaist&f=/tomoyo/25542/ccs-patch-1.4.1-20070605.tar.gz'
tar -zxf ccs-patch-1.4.1-20070605.tar.gz
wget -O ccs-patch-2.6.20-1.2320.fc5.txt 'http://sourceforge.jp/tracker/download.php?group_id=1973&atid=7342&file_id=1962&aid=10549'
patch -sp1 < ccs-patch-2.6.20-1.2320.fc5.txt
# Enable options for TOMOYO Linux.
make -s menuconfig
# Compile as usual.
make -s
make -s modules modules_install install

Kernel 2.6.20-1.2962.fc6 for Fedora Core 6

# Download and install kernel source.
wget http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/SRPMS/kernel-2.6.20-1.2962.fc6.src.rpm
rpm -ivh kernel-2.6.20-1.2962.fc6.src.rpm
# Prepare for compilation.
rpmbuild -bp --target i586 /usr/src/redhat/SPECS/kernel-2.6.spec
mv /usr/src/redhat/BUILD/kernel-2.6.20/linux-2.6.20.i586/ /usr/src/linux-2.6.20-1.2962.fc6
# Move to the source directory.
cd /usr/src/linux-2.6.20-1.2962.fc6/
# Modify version number.
sed -i 's/EXTRAVERSION = -prep/EXTRAVERSION = -1.2962.fc6/' Makefile
# Download and apply TOMOYO Linux patch.
wget -O ccs-patch-1.4.1-20070605.tar.gz 'http://sourceforge.jp/frs/redir.php?m=jaist&f=/tomoyo/25542/ccs-patch-1.4.1-20070605.tar.gz'
tar -zxf ccs-patch-1.4.1-20070605.tar.gz
wget -O ccs-patch-2.6.20-1.2962.fc6.txt 'http://sourceforge.jp/tracker/download.php?group_id=1973&atid=7342&file_id=1966&aid=10549'
patch -sp1 < ccs-patch-2.6.20-1.2962.fc6.txt
# Enable options for TOMOYO Linux.
make -s menuconfig
# Compile as usual.
make -s
make -s modules modules_install install

Kernel 2.6.21-1.3228.fc7 for Fedora 7

# Download and install kernel source.
wget http://download.fedora.redhat.com/pub/fedora/linux/core/development/source/SRPMS/kernel-2.6.21-1.3228.fc7.src.rpm
rpm -ivh kernel-2.6.21-1.3228.fc7.src.rpm
# Prepare for compilation.
rpmbuild -bp --target i586 /usr/src/redhat/SPECS/kernel-2.6.spec
mv /usr/src/redhat/BUILD/kernel-2.6.21/linux-2.6.21.i586/ /usr/src/linux-2.6.21-1.3228.fc7
# Move to the source directory.
cd /usr/src/linux-2.6.21-1.3228.fc7/
# Modify version number.
sed -i 's/EXTRAVERSION = -prep/EXTRAVERSION = -1.3228.fc7/' Makefile
# Download and apply TOMOYO Linux patch.
wget -O ccs-patch-1.4.1-20070605.tar.gz 'http://sourceforge.jp/frs/redir.php?m=jaist&f=/tomoyo/25542/ccs-patch-1.4.1-20070605.tar.gz'
tar -zxf ccs-patch-1.4.1-20070605.tar.gz
wget -O ccs-patch-2.6.21-1.3228.fc7.txt 'http://sourceforge.jp/tracker/download.php?group_id=1973&atid=7342&file_id=1956&aid=10549'
patch -sp1 < ccs-patch-2.6.21-1.3228.fc7.txt
# Enable options for TOMOYO Linux.
make -s menuconfig
# Compile as usual.
make -s
make -s modules modules_install install

Kernel 2.6.9-55.0.2.EL for CentOS 4.5

# Download and install kernel source.
wget http://mirrors.kernel.org/centos/4.5/os/SRPMS/kernel-2.6.9-55.0.2.EL.src.rpm
rpm -ivh kernel-2.6.9-55.0.2.EL.src.rpm
# Prepare for compilation.
rpmbuild -bp --target i586 /usr/src/redhat/SPECS/kernel-2.6.spec
mv /usr/src/redhat/BUILD/kernel-2.6.9/linux-2.6.9/ /usr/src/linux-2.6.9-55.0.2.EL
# Move to the source directory.
cd /usr/src/linux-2.6.9-55.0.2.EL/
# Modify version number.
sed -i 's/EXTRAVERSION = -prep/EXTRAVERSION = -55.0.2.EL/' Makefile
# Download and apply TOMOYO Linux patch.
wget -O ccs-patch-1.4.1-20070605.tar.gz 'http://sourceforge.jp/frs/redir.php?m=jaist&f=/tomoyo/25542/ccs-patch-1.4.1-20070605.tar.gz'
tar -zxf ccs-patch-1.4.1-20070605.tar.gz
wget -O ccs-patch-2.6.9-55.0.2.EL.txt 'http://sourceforge.jp/tracker/download.php?group_id=1973&atid=7342&file_id=1968&aid=10549'
patch -sp1 < ccs-patch-2.6.9-55.0.2.EL.txt
# Enable options for TOMOYO Linux.
make -s menuconfig
# Compile as usual.
make -s
make -s modules modules_install install

Kernel 2.6.18-8.1.6.el5 for CentOS 5

# Download and install kernel source.
wget http://mirrors.kernel.org/centos/5.0/updates/SRPMS/kernel-2.6.18-8.1.6.el5.src.rpm
rpm -ivh kernel-2.6.18-8.1.6.el5.src.rpm
# Prepare for compilation.
rpmbuild -bp --target i686 /usr/src/redhat/SPECS/kernel-2.6.spec
mv /usr/src/redhat/BUILD/kernel-2.6.18/linux-2.6.18.i686/ /usr/src/linux-2.6.18-8.1.6.el5
# Move to the source directory.
cd /usr/src/linux-2.6.18-8.1.6.el5/
# Modify version number.
sed -i 's/EXTRAVERSION = -prep/EXTRAVERSION = -8.1.6.el5/' Makefile
# Download and apply TOMOYO Linux patch.
wget -O ccs-patch-1.4.1-20070605.tar.gz 'http://sourceforge.jp/frs/redir.php?m=jaist&f=/tomoyo/25542/ccs-patch-1.4.1-20070605.tar.gz'
tar -zxf ccs-patch-1.4.1-20070605.tar.gz
wget -O ccs-patch-2.6.18-8.1.6.el5.txt 'http://sourceforge.jp/tracker/download.php?group_id=1973&atid=7342&file_id=1958&aid=10549'
patch -sp1 < ccs-patch-2.6.18-8.1.6.el5.txt
# Enable options for TOMOYO Linux.
make -s menuconfig
# Compile as usual.
make -s
make -s modules modules_install install

Kernel 2.4.27-10sarge5 for Debian Sarge

# Download and install kernel source.
apt-get install kernel-source-2.4.27
tar -jxf /usr/src/kernel-source-2.4.27.tar.bz2
# Move to the source directory.
cd kernel-source-2.4.27/
# Download and apply TOMOYO Linux patch.
wget -O ccs-patch-1.4.1-20070605.tar.gz 'http://sourceforge.jp/frs/redir.php?m=jaist&f=/tomoyo/25542/ccs-patch-1.4.1-20070605.tar.gz'
tar -zxf ccs-patch-1.4.1-20070605.tar.gz
patch -sp1 < ccs-patch-2.4.27-10sarge5.txt
# Enable options for TOMOYO Linux.
make -s menuconfig
# Compile as usual.
make -s dep install modules modules_install
# Create initrd.
mkinitrd -o /boot/initrd.img-2.4.27-10sarge5-ccs 2.4.27-10sarge5-ccs

Kernel 2.6.8-16sarge7 for Debian Sarge

# Download and install kernel source.
apt-get install kernel-source-2.6.8
tar -jxf /usr/src/kernel-source-2.6.8.tar.bz2
# Move to the source directory.
cd kernel-source-2.6.8/
# Download and apply TOMOYO Linux patch.
wget -O ccs-patch-1.4.1-20070605.tar.gz 'http://sourceforge.jp/frs/redir.php?m=jaist&f=/tomoyo/25542/ccs-patch-1.4.1-20070605.tar.gz'
tar -zxf ccs-patch-1.4.1-20070605.tar.gz
wget -O ccs-patch-2.6.8-16sarge7.txt 'http://sourceforge.jp/tracker/download.php?group_id=1973&atid=7342&file_id=1960&aid=10549'
patch -sp1 < ccs-patch-2.6.8-16sarge7.txt
# Enable options for TOMOYO Linux.
make -s menuconfig
# Compile as usual.
make -s
make -s install modules modules_install
# Create initrd.
mkinitrd -o /boot/initrd.img-2.6.8-16sarge7-ccs 2.6.8-16sarge7-ccs

Kernel 2.6.18-12etch2 for Debian Etch

# Download and install kernel source.
apt-get install linux-source-2.6.18
tar -jxf /usr/src/linux-source-2.6.18.tar.bz2
# Move to the source directory.
cd linux-source-2.6.18/
# Download and apply TOMOYO Linux patch.
wget -O ccs-patch-1.4.1-20070605.tar.gz 'http://sourceforge.jp/frs/redir.php?m=jaist&f=/tomoyo/25542/ccs-patch-1.4.1-20070605.tar.gz'
tar -zxf ccs-patch-1.4.1-20070605.tar.gz
patch -sp1 < ccs-patch-2.6.18-12etch2.txt
# Enable options for TOMOYO Linux.
make -s menuconfig
# Compile as usual.
make -s
make -s install modules modules_install
# Create initrd.
mkinitrd -o /boot/initrd.img-2.6.18-ccs 2.6.18-ccs

Kernel 2.6.16.27-0.9 for OpenSUSE 10.1

# Download and install kernel source.
wget http://ftp.novell.co.jp/pub/suse/suse/update/10.1/rpm/i586/kernel-source-2.6.16.27-0.9.i586.rpm
rpm -ivh kernel-source-2.6.16.27-0.9.i586.rpm
# Move to the source directory.
cd /usr/src/linux-2.6.16.27-0.9/
# Download and apply TOMOYO Linux patch.
wget -O ccs-patch-1.4.1-20070605.tar.gz 'http://sourceforge.jp/frs/redir.php?m=jaist&f=/tomoyo/25542/ccs-patch-1.4.1-20070605.tar.gz'
tar -zxf ccs-patch-1.4.1-20070605.tar.gz
patch -sp1 < ccs-patch-2.6.16.27-0.9_SUSE.txt
# Move to the output directory.
cd /usr/src/linux-2.6.16.27-0.9-obj/i386/default/
# Enable options for TOMOYO Linux.
make -s menuconfig
# Compile as usual.
make -s
make -s modules modules_install install

Kernel 2.6.18.8-0.3 for OpenSUSE 10.2

# Download and install kernel source.
wget http://ftp.novell.co.jp/pub/suse/suse/update/10.2/rpm/i586/kernel-source-2.6.18.8-0.3.i586.rpm
rpm -ivh kernel-source-2.6.18.8-0.3.i586.rpm
# Move to the source directory.
cd /usr/src/linux-2.6.18.8-0.3/
# Download and apply TOMOYO Linux patch.
wget -O ccs-patch-1.4.1-20070605.tar.gz 'http://sourceforge.jp/frs/redir.php?m=jaist&f=/tomoyo/25542/ccs-patch-1.4.1-20070605.tar.gz'
tar -zxf ccs-patch-1.4.1-20070605.tar.gz
patch -sp1 < ccs-patch-2.6.18.8-0.3_SUSE.txt
# Move to the output directory.
cd /usr/src/linux-2.6.18.8-0.3-obj/i386/default/
# Enable options for TOMOYO Linux.
make -s menuconfig
# Compile as usual.
make -s
make -s modules modules_install install

Kernel 2.6.9-42.14AX for Asianux 2.0

# Download and install kernel source.
wget http://ftp.miraclelinux.com/pub/Miracle/ia32/standard/4.0/updates/SRPMS/kernel-2.6.9-42.14AX.src.rpm
rpm -ivh kernel-2.6.9-42.14AX.src.rpm
# Prepare for compilation.
rpmbuild -bp --target i686 /usr/src/asianux/SPECS/kernel-2.6.spec
mv /usr/src/asianux/BUILD/kernel-2.6.9/linux-2.6.9/ /usr/src/linux-2.6.9-42.14AX
# Move to the source directory.
cd /usr/src/linux-2.6.9-42.14AX/
# Modify version number.
sed -i 's/EXTRAVERSION = -prep/EXTRAVERSION = -42.14AX/' Makefile
# Download and apply TOMOYO Linux patch.
wget -O ccs-patch-1.4.1-20070605.tar.gz 'http://sourceforge.jp/frs/redir.php?m=jaist&f=/tomoyo/25542/ccs-patch-1.4.1-20070605.tar.gz'
tar -zxf ccs-patch-1.4.1-20070605.tar.gz
wget -O ccs-patch-2.6.9-42.14AX.txt 'http://sourceforge.jp/tracker/download.php?group_id=1973&atid=7342&file_id=1951&aid=10549'
patch -sp1 < ccs-patch-2.6.9-42.14AX.txt
# Enable options for TOMOYO Linux.
make -s menuconfig
# Compile as usual.
make -s
make -s modules modules_install install

Kernel 2.6.17.14-ubuntu1 for Ubuntu 6.10

# Download and install kernel source.
apt-get install linux-source-2.6.17
tar -jxf /usr/src/linux-source-2.6.17.tar.bz2
# Move to the source directory.
cd linux-source-2.6.17/
# Download and apply TOMOYO Linux patch.
wget -O ccs-patch-1.4.1-20070605.tar.gz 'http://sourceforge.jp/frs/redir.php?m=jaist&f=/tomoyo/25542/ccs-patch-1.4.1-20070605.tar.gz'
tar -zxf ccs-patch-1.4.1-20070605.tar.gz
patch -sp1 < ccs-patch-2.6.17.14-ubuntu1.txt
# Enable options for TOMOYO Linux.
make -s menuconfig
# Compile as usual.
make -s
make -s install modules modules_install
# Create initramfs.
mkinitramfs -o /boot/initrd.img-2.6.17.14-ubuntu1-ccs 2.6.17.14-ubuntu1-ccs

Kernel 2.6.20.3-ubuntu1 for Ubuntu 7.04

# Download and install kernel source.
apt-get install linux-source-2.6.20
tar -jxf /usr/src/linux-source-2.6.20.tar.bz2
# Move to the source directory.
cd linux-source-2.6.20/
# Download and apply TOMOYO Linux patch.
wget -O ccs-patch-1.4.1-20070605.tar.gz 'http://sourceforge.jp/frs/redir.php?m=jaist&f=/tomoyo/25542/ccs-patch-1.4.1-20070605.tar.gz'
tar -zxf ccs-patch-1.4.1-20070605.tar.gz
patch -sp1 < ccs-patch-2.6.20.3-ubuntu1.txt
# Enable options for TOMOYO Linux.
make -s menuconfig
# Compile as usual.
make -s
make -s install modules modules_install
# Create initramfs.
mkinitramfs -o /boot/initrd.img-2.6.20.3-ubuntu1-ccs 2.6.20.3-ubuntu1-ccs

Kernel 2.6.16-0vl73 for VineLinux 4.1

# Create a symlink to avoid errors upon "make install".
ln -s /bin/true /sbin/lilo
# Download and install kernel source.
apt-get install kernel-source
# Move to the source directory.
cd /usr/src/linux-2.6.16/
# Download and apply TOMOYO Linux patch.
wget -O ccs-patch-1.4.1-20070605.tar.gz 'http://sourceforge.jp/frs/redir.php?m=jaist&f=/tomoyo/25542/ccs-patch-1.4.1-20070605.tar.gz'
tar -zxf ccs-patch-1.4.1-20070605.tar.gz
patch -sp1 < ccs-patch-2.6.16-0vl73.txt
# Enable options for TOMOYO Linux.
make -s menuconfig
# Compile as usual.
make -s
make -s modules modules_install install
# Create initrd.
mkinitrd /boot/initrd.img-2.6.16-0vl73-ccs 2.6.16-0vl73-ccs
# Update symlinks.
ln -sf /boot/vmlinuz-2.6.16-0vl73-ccs /boot/vmlinuz
ln -sf /boot/initrd.img-2.6.16-0vl73-ccs /boot/initrd.img
ln -sf /boot/System.map-2.6.16-0vl73-ccs /boot/System.map

Vanilla 2.6 kernels

2.6.11 and later are supported. The following example uses version 2.6.22.

# Create a directory where the kernel modules are installed.
mkdir -p /lib/modules/2.6.22-ccs
# Move to the source directory.
cd /usr/src/
# Download kernel source.
wget https://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.22.tar.bz2
# Extract.
tar -jxf linux-2.6.22.tar.bz2
# Move to the extracted directory.
cd linux-2.6.22
# Remove world writable permissions from the source code.
find -print0 | xargs -0 chmod go-w --
# Download TOMOYO Linux's kernel patch.
wget -O ccs-patch-1.4.1-20070605.tar.gz 'http://sourceforge.jp/frs/redir.php?m=jaist&f=/tomoyo/25542/ccs-patch-1.4.1-20070605.tar.gz'
# Extract.
tar -zxf ccs-patch-1.4.1-20070605.tar.gz
# Download the patch for 2.6.22, saved under the name the patch command below reads.
wget -O ccs-patch-2.6.22.txt 'http://sourceforge.jp/tracker/download.php?group_id=1973&atid=7342&file_id=1972&aid=10549'
# Apply the kernel patch.
patch -sp1 < ccs-patch-2.6.22.txt
# Enable options for TOMOYO Linux.
make -s menuconfig
# Compile as usual.
make -s
make -s install modules modules_install

Vanilla 2.4 kernels

2.4.30 and later are supported. The following example uses version 2.4.34.

# Create a directory where the kernel modules are installed.
mkdir -p /lib/modules/2.4.34-ccs
# Move to the source directory.
cd /usr/src/
# Download kernel source.
wget https://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.34.tar.bz2
# Extract.
tar -jxf linux-2.4.34.tar.bz2
# Move to the extracted directory.
cd linux-2.4.34
# Remove world writable permissions from the source code.
find -print0 | xargs -0 chmod go-w --
# Download TOMOYO Linux's kernel patch.
wget -O ccs-patch-1.4.1-20070605.tar.gz 'http://sourceforge.jp/frs/redir.php?m=jaist&f=/tomoyo/25542/ccs-patch-1.4.1-20070605.tar.gz'
# Extract.
tar -zxf ccs-patch-1.4.1-20070605.tar.gz
# Apply the kernel patch.
patch -sp1 < ccs-patch-2.4.34.txt
# Enable options for TOMOYO Linux.
make -s menuconfig
# Compile as usual.
make -s dep
make -s
make -s modules modules_install install
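
Each procedure above fetches the patch over plain HTTP and applies it straight to the kernel source tree. The following added example (not part of the TOMOYO Linux documentation) checks a download against a SHA-256 digest obtained from a trusted channel, lists the files a patch would write, and does a dry run before applying. The function names are hypothetical, and since this page publishes no digest, the expected value is a placeholder you must supply.

```shell
#!/bin/sh
# Added example: pre-flight checks for a downloaded kernel patch.
# Function names are constructed for this illustration.

# verify_sha256 FILE EXPECTED_HEX
# Succeeds only if FILE exists and its SHA-256 digest equals EXPECTED_HEX
# (compared case-insensitively). Returns 1 on mismatch, 2 if FILE is missing.
verify_sha256() {
    vs_file=$1
    vs_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$vs_file" ] || { echo "verify_sha256: no such file: $vs_file" >&2; return 2; }
    vs_got=$(sha256sum "$vs_file" | cut -d' ' -f1)
    if [ "$vs_got" != "$vs_want" ]; then
        echo "verify_sha256: digest mismatch for $vs_file" >&2
        echo "  expected $vs_want" >&2
        echo "  actual   $vs_got" >&2
        return 1
    fi
}

# patch_targets PATCHFILE
# Prints, one per line, the paths a unified diff writes to once "patch -p1"
# has stripped the leading directory. Deletions ("+++ /dev/null") are skipped.
patch_targets() {
    awk '
        substr($0, 1, 4) == "--- " { after_old = 1; next }
        after_old && substr($0, 1, 4) == "+++ " {
            path = substr($0, 5)
            sub("\t.*$", "", path)            # drop the timestamp field, if any
            if (path != "/dev/null") {
                sub("^[^/]*/+", "", path)     # emulate -p1
                print path
            }
        }
        { after_old = 0 }
    ' "$1"
}

# unsafe_patch_targets PATCHFILE
# Prints every target with a ".." path component, i.e. one that could land
# outside the source tree. Returns 0 if there are none, 1 otherwise.
unsafe_patch_targets() {
    upt_bad=$(patch_targets "$1" |
        awk -F/ '{ for (i = 1; i <= NF; i++) if ($i == "..") { print; next } }')
    [ -z "$upt_bad" ] && return 0
    printf '%s\n' "$upt_bad"
    return 1
}

# apply_checked PATCHFILE
# Run from the top of the kernel source tree in place of a bare "patch -sp1".
apply_checked() {
    unsafe_patch_targets "$1" >&2 ||
        { echo "apply_checked: patch writes outside the tree" >&2; return 1; }
    patch -sp1 --dry-run < "$1" ||
        { echo "apply_checked: patch does not apply cleanly" >&2; return 1; }
    patch -sp1 < "$1"
}

# Usage, with EXPECTED_SHA256 a placeholder for a digest you obtained out of band:
#   verify_sha256 ccs-patch-1.4.1-20070605.tar.gz "$EXPECTED_SHA256" &&
#       tar -zxf ccs-patch-1.4.1-20070605.tar.gz &&
#       apply_checked ccs-patch-2.6.22.txt
```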
