A security module for system analysis and protection
TOMOYO Linux is a Mandatory Access Control (MAC) implementation for Linux that can be used to increase the security of a system, while also being useful purely as a system analysis tool. It was launched in March 2003 and is sponsored by NTT DATA Corporation, Japan.
TOMOYO Linux focuses on the behaviour of a system. Every process is created to achieve a purpose, and like an immigration officer, TOMOYO Linux allows each process to declare behaviours and resources needed to achieve their purpose. When protection is enabled, TOMOYO Linux acts like an operation watchdog, restricting each process to only the behaviours and resources allowed by the administrator.
The main features of TOMOYO Linux include:
- System analysis
- Increased security through Mandatory Access Control
- Tools to aid in policy generation
- Simple syntax
- Easy to use
- Very few dependencies
- Requires no modification of existing binaries
Find out more on our About Page, and experience TOMOYO Linux in only 10 minutes with these short tutorial videos!
News (archive)
ccs-patch 1.8.3p6/1.7.3p3/1.6.9p3 released
An updated ccs-patch for the 1.8.x branch accommodates changes for Linux 3.4-rc1 kernel (ChangeLog).
ccs-patch 1.8.3p5/1.7.3p2/1.6.9p2 released
An updated ccs-patch accommodates changes to the redefinition of UMH_WAIT_PROC constant which is scheduled for Linux 3.4-rc1 kernel (ChangeLog). This redefinition may be backported to 2.6.23 and later kernels. Affected kernels must upgrade to this version of ccs-patch.
ccs-patch 1.8.3p4 updated
An updated ccs-patch for the 1.8.x branch accommodates changes to the recent Linux 3.3-rc1 kernel (ChangeLog).
ccs-patch 1.8.3p4 released
A new version of ccs-patch for the 1.8.x branch accommodates changes to the behaviour of __d_path() in recent kernels (ChangeLog). This new behaviour was introduced in Linux 3.2-rc5 but may be backported to 2.6.36 and later kernels. Affected kernels must upgrade to this version of ccs-patch.
ccs-patch 1.8.3p3 released
A new version of ccs-patch for the 1.8.x branch fixes a small bug in the mapping of a profile configuration option (ChangeLog). Most users should not be affected.
6th anniversary of TOMOYO Linux
Today is the 6th anniversary since TOMOYO Linux 1.0 was released! We were unable to publish our usual anniversary release, but a new version of ccs-patch is available for the 1.8.x branch (ChangeLog). You also might be interested in reading the extended announcement, which includes information on the potential upcoming changes in the TOMOYO Linux 1.9.x branch. Also mentioned in the announcement:
- A repository for RHEL 6 and Fedora 16 binary packages for both i686 and x86_64
- TOMOYO 2.4 to be included in openSUSE 12.1
- TOMOYO 2.5 to be included in Ubuntu 12.04
tomoyo-tools 2.5.0p1 and ccs-patch 1.8.3p1 released
New versions of tomoyo-tools for 2.4.x and 2.5.x branches have been released, as well as new versions of ccs-patch and ccs-tools for the 1.8.x branch. Please be sure to use the correct version of tomoyo-tools for the Linux kernel version in use.