|This article needs additional citations for verification. (September 2010) (Learn how and when to remove this template message)|
|Original author(s)||NTT Data Corporation|
|Type||Mandatory access control|
Tomoyo Linux is a MAC implementation for Linux that can be used to increase the security of a system, while also being useful purely as a systems analysis tool. It was launched in March 2003 and was sponsored by NTT Data Corporation until March 2012.
Tomoyo Linux focuses on system behavior. Tomoyo Linux allows each process to declare behaviours and resources needed to achieve their purpose. When protection is enabled, Tomoyo Linux restricts each process to the behaviors and resources allowed by the administrator.
The main features of Tomoyo Linux include:
- System analysis
- Increased security through Mandatory Access Control
- Automatic policy generation
- Simple syntax
- Ease of use
History and versions
The Tomoyo Linux project started as a patch for the Linux kernel to provide MAC. Porting Tomoyo Linux to the mainline Linux kernel required the introduction of hooks into the LSM that had been designed and developed specifically to support SELinux and its label-based approach.
However, more hooks are needed to integrate the remaining MAC functionality of Tomoyo Linux. Consequently, the project is following two parallel development lines:
- "Tomoyo Linux Home Page". Tomoyo.osdn.jp. Retrieved 2013-05-23.
- "Tomoyo Linux, an alternative Mandatory Access Control". Linux 2 6 30. Linux Kernel Newbies.
- "Tomoyo #14 patch submission to LKML". LWN.net.