TOMOYO Linux is a pathname-based MAC extension (LSM module) for the
Linux kernel.
This patchset is for linux-next (-next-20081017).
Differences from previous version (http://lkml.org/lkml/2008/10/9/46)
are as follows.
*About locking:
-reduced global locks.
-added comments to explain what lock protects.
*About singly-linked-list:
-moved declaration of singly-linked-list from
security/tomoyo/common.h to include/linux/list1.h .
-added rcu_dereference() and rcu_assign_pointer() call properly.
*Others:
-added MAINTAINERS entry of TOMOYO SECURITY MODULE .
-inserted a blank line between variable declaration and start of
code.
Stephen, James, Chris, please review and respond (hopefully Ack).
Regards,
--
Stephen, James, Chris, Serge,
What is the status of this patchset?
I saw no objections against our patchset.
We are waiting for your review for now.
Is there something we can do?
Regards,
Quoting Kentaro Takeda ([email protected]):
> Stephen, James, Chris, Serge,
> What is the status of this patchset?
>
> I saw no objections against our patchset.
I don't like the 'in_exec' bit in the task_struct, but adding LSM hooks
to let just TOMOYO mark whether you're in exec seems even uglier.
> We are waiting for your review for now.
> Is there something we can do?
Well I think the patchset is at a stage where it needs a test-spin in
-mm (or something).
The users' list seems quite sparse, though. Who exactly does use this,
and why? (I don't mean that to sound adversarial, but while I think I
know how it differs from selinux, I'm not clear on when or why its
differences would be advantageous.)
-serge
On 10/30/2008 4:18 AM, Serge E. Hallyn wrote:
> The users' list seems quite sparse, though. Who exactly does use this,
> and why? (I don't mean that to sound adversarial, but while I think I
> know how it differs from selinux, I'm not clear on when or why its
> differences would be advantageous.)
>
> -serge
I assume you saw the English version of users' list which was
created very recently. At the moment, most of the TOMOYO Linux
project users are Japanese as it is not merged *yet*. ;-)
Well, I think I need to prove the existence of users.
Page views total since 2005-11-11: 1,272,647
Downloads total since 2005-11-11: 28,501
Please visit the following url to find number of users are increasing.
http://sourceforge.jp/project/stats/index.php?report=months&group_id=1973&language_id=1
The following wiki page is designed to be an entry for newcomers.
http://elinux.org/TomoyoLinux (7,499 page views)
The following page has been maintained by non-Japanese users.
http://cblfs.cross-lfs.org/index.php/TOMOYO (3,252 page views)
Mandriva 2008.1 and 2009.0 have TOMOYO Linux enabled kernels.
http://tomoyo.sourceforge.jp/en/1.6.x/1st-step/mandriva2008.1/
http://tomoyo.sourceforge.jp/en/1.6.x/1st-step/mandriva2009.0/
Turbolinux 11 Server and Turbolinux Client 2008, too.
http://tomoyo.sourceforge.jp/ja/1.5.x/1st-step/tl11s/
http://tomoyo.sourceforge.jp/ja/1.6.x/1st-step/tc2008/
We have been providing Ubuntu based LiveCD and CentOS based LiveCD.
(= Ubuntu/CentOS LiveCD + TOMOYO Kernel and utilities)
http://tomoyo.sourceforge.jp/wiki-e/?TomoyoLive
Reference documentations and web pages are provided in
English and Japanese.
http://tomoyo.sourceforge.jp/index.html.en
We have open forums and have had feedbacks from non-Japanese
people.
http://sourceforge.jp/forum/forum.php?forum_id=11352&language_id=1
Some Japanese security related NGO server has been protected by
TOMOYO Linux. (not play machine)
http://www.jnsa.org/result/2007/tech/secos/secureos.pdf
(sorry, there's no English version)
So, I think it's safe to say TOMOYO Linux is a *real* project and
there are users. :-)
Best regards,
Toshiharu Harada
[email protected]