Ubuntu kernels with TOMOYO Linux extension

Tetsuo Handa penguin-kernel at I-love.SAKURA.ne.jp
Wed Aug 20 12:00:51 UTC 2008


Thank you for forwarding, Tim.

> Our security expert has this opinion:
> > I'm not very interested in supporting another out-of-mainline MAC
> > system.  I'm additionally worried that since it doesn't use LSM, it's
> > even less likely to make it into upstream.  At least AppArmor keeps
> > seeing forward progress in the VFS changes they've been needing.

Please forgive me continuing a bit.

TOMOYO 2.x, which is developed for merging into upstream, uses LSM.
Both AppArmor and TOMOYO 2.x remain stuck because of the "struct vfsmount" problem.
If the problem is solved, both can challenge upstream.

TOMOYO 1.x, which I'm proposing for distributors' kernels, doesn't use LSM.
There are two reasons. One is that the "struct vfsmount" problem remains
unresolved. The other is that LSM is not stackable. If TOMOYO uses LSM, users
have to give up use of AppArmor (or SELinux or SMACK).
Every implementation has its specialties and weaknesses. TOMOYO 1.x helps compensate
for other implementations' weaknesses.
TOMOYO 1.x can coexist with other implementations, and Mandriva 2008.1's kernel
enables both AppArmor and TOMOYO 1.6.3.

The amount of changes against existing kernel code is small.
For example, the below URL is the patch for Intrepid's 2.6.26-5.17 kernel.

Many people think TOMOYO is merely for MAC. But that is not correct.
Fumihito YOSHIDA (a member of the Ubuntu Japanese Team, who is maintaining TOMOYO
Linux for Ubuntu-ja's repository and helping me to merge TOMOYO Linux into
Ubuntu's repository) says that TOMOYO is useful for writing documents and
helpful for debugging applications, as TOMOYO reports what is happening in the
Linux system very deeply.
TOMOYO Linux is useful for users to learn Linux, useful for developers to
analyze and debug Linux applications, as well as useful for users to protect
Linux system.

Please browse the following URL, and you will find it interesting.
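The coexistence point above (only one framework can occupy the LSM slot, while TOMOYO 1.x hooks the kernel outside LSM) can be checked from user space. The following script is an added example written for this archive page; it is not code from the post or from the TOMOYO project. It relies only on the interface directories each framework publishes: AppArmor and TOMOYO 2.x under securityfs, SELinux and SMACK under their own filesystems (old and new mount points), and TOMOYO 1.x under /proc/ccs. The optional ROOT argument prefixes every path so the probe can be exercised against a constructed directory tree.

```shell
#!/bin/sh
# Probe a kernel for active mandatory access control frameworks.
# Added example; not code from the mailing-list post or from TOMOYO itself.
# mac_status [ROOT]  -- ROOT is an assumed, optional prefix for testing.

mac_status() {
    root="${1:-}"
    lsm=""       # frameworks that occupy the single LSM slot
    extra=""     # frameworks that hook the kernel outside LSM

    [ -d "$root/sys/kernel/security/apparmor" ] && lsm="$lsm apparmor"
    if [ -d "$root/sys/fs/selinux" ] || [ -d "$root/selinux" ]; then
        lsm="$lsm selinux"
    fi
    if [ -d "$root/sys/fs/smackfs" ] || [ -d "$root/smack" ]; then
        lsm="$lsm smack"
    fi
    [ -d "$root/sys/kernel/security/tomoyo" ] && lsm="$lsm tomoyo2"
    # TOMOYO 1.x exposes its policy interface under /proc/ccs, not securityfs.
    [ -d "$root/proc/ccs" ] && extra="$extra tomoyo1"

    # A single-LSM kernel registers at most one module; more than one entry
    # here means the tree is not a real running kernel, or the probe is stale.
    set -- $lsm
    if [ "$#" -gt 1 ]; then
        echo "warning: multiple LSM interfaces present:$lsm" >&2
    fi

    echo "lsm:${lsm:- none} outside-lsm:${extra:- none}"
    # Exit status 0 when any framework was found, 1 otherwise.
    [ -n "$lsm$extra" ]
}

# Stand-alone usage against the running kernel:
#   MAC_STATUS_RUN=1 sh mac_status.sh
if [ "${MAC_STATUS_RUN:-0}" = 1 ]; then
    mac_status
fi
```

On a Mandriva 2008.1 style kernel as described in the post, the expected report is one LSM entry (apparmor) plus tomoyo1 outside LSM; a single-LSM kernel that printed two LSM entries would indicate a broken probe rather than stacked modules.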

