^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) ======
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) TOMOYO
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) ======
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) What is TOMOYO?
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) ===============
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) TOMOYO is a name-based MAC extension (LSM module) for the Linux kernel.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) LiveCD-based tutorials are available at
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) http://tomoyo.sourceforge.jp/1.8/ubuntu12.04-live.html
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) http://tomoyo.sourceforge.jp/1.8/centos6-live.html
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) Though these tutorials use the non-LSM version of TOMOYO, they are useful for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) learning what TOMOYO is.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) How to enable TOMOYO?
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) =====================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) Build the kernel with ``CONFIG_SECURITY_TOMOYO=y`` and pass ``security=tomoyo`` on
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) the kernel's command line.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) Please see http://tomoyo.osdn.jp/2.5/ for details.
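
One way to confirm the two steps above took effect, as an added example that is not part of the original document or the TOMOYO project. The function names are hypothetical, and the `/boot/config-$(uname -r)` and `/sys/kernel/security/lsm` locations are assumptions about the running system rather than something this page states.

```shell
#!/bin/sh
# Added example (not from the TOMOYO project). File paths are passed in so the
# checks can be run against saved copies as well as a live system.

# 0 if the kernel config ($1, plain or .gz) contains CONFIG_SECURITY_TOMOYO=y.
tomoyo_built_in() {
    case "$1" in
        *.gz) gzip -dc "$1" 2>/dev/null ;;
        *)    cat "$1" 2>/dev/null ;;
    esac | grep -qx 'CONFIG_SECURITY_TOMOYO=y'
}

# 0 if the kernel command line ($1) carries security=tomoyo as a whole token,
# so a near miss such as security=tomoyo2 does not count.
tomoyo_on_cmdline() {
    [ -r "$1" ] || return 1
    tr ' ' '\n' < "$1" | grep -qx 'security=tomoyo'
}

# 0 if the comma-separated active-LSM list ($1) names tomoyo.
# Assumption: the kernel exposes this list at /sys/kernel/security/lsm.
tomoyo_active() {
    [ -r "$1" ] || return 1
    tr ',' '\n' < "$1" | grep -qx 'tomoyo'
}

# Print one summary line: compiled in, requested at boot, actually active.
tomoyo_report() {
    b=no; c=no; a=no
    if tomoyo_built_in "$1"; then b=yes; fi
    if tomoyo_on_cmdline "$2"; then c=yes; fi
    if tomoyo_active "$3"; then a=yes; fi
    echo "built_in=$b cmdline=$c active=$a"
}

# Live check (assumed distro config location): sh this_script --live
if [ "${1:-}" = "--live" ]; then
    tomoyo_report "/boot/config-$(uname -r)" /proc/cmdline /sys/kernel/security/lsm
fi
```

Keeping the three results separate shows which step is missing when TOMOYO is not enforcing: the build option, the boot parameter, or the module's activation at boot.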
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) Where is documentation?
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) =======================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) User <-> Kernel interface documentation is available at
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) https://tomoyo.osdn.jp/2.5/policy-specification/index.html .
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) Materials we prepared for seminars and symposiums are available at
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) https://osdn.jp/projects/tomoyo/docs/?category_id=532&language_id=1 .
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) The lists below are chosen from three aspects.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) What is TOMOYO?
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37)   TOMOYO Linux Overview
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38)     https://osdn.jp/projects/tomoyo/docs/lca2009-takeda.pdf
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39)   TOMOYO Linux: pragmatic and manageable security for Linux
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40)     https://osdn.jp/projects/tomoyo/docs/freedomhectaipei-tomoyo.pdf
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41)   TOMOYO Linux: A Practical Method to Understand and Protect Your Own Linux Box
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42)     https://osdn.jp/projects/tomoyo/docs/PacSec2007-en-no-demo.pdf
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) What can TOMOYO do?
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45)   Deep inside TOMOYO Linux
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46)     https://osdn.jp/projects/tomoyo/docs/lca2009-kumaneko.pdf
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47)   The role of "pathname based access control" in security.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48)     https://osdn.jp/projects/tomoyo/docs/lfj2008-bof.pdf
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50) History of TOMOYO?
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51)   Realities of Mainlining
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52)     https://osdn.jp/projects/tomoyo/docs/lfj2008.pdf
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) What is the future plan?
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55) ========================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57) We believe that inode-based security and name-based security are complementary
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58) and both should be used together. But unfortunately, so far, we cannot enable
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) multiple LSM modules at the same time. We feel sorry that you have to give up
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60) SELinux/SMACK/AppArmor etc. when you want to use TOMOYO.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62) We hope that LSM becomes stackable in the future. Meanwhile, you can use the non-LSM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63) version of TOMOYO, available at http://tomoyo.osdn.jp/1.8/ .
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64) The LSM version of TOMOYO is a subset of the non-LSM version of TOMOYO. We are planning
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65) to port the non-LSM version's functionalities to the LSM version.