mirror of
https://github.com/torvalds/linux.git
synced 2024-12-25 04:11:49 +00:00
93431e0607
Rationale: Reduces attack surface on kernel devs opening the links for MITM as HTTPS traffic is much harder to manipulate. Deterministic algorithm: For each file: For each line: If doesn't contain `\bxmlns\b`: For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: If both the HTTP and HTTPS versions return 200 OK and serve the same content: Replace HTTP with HTTPS. Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de> Link: https://lore.kernel.org/r/20200526060544.25127-1-grandmaster@al2klimov.de Signed-off-by: Jonathan Corbet <corbet@lwn.net>
66 lines
2.2 KiB
ReStructuredText
66 lines
2.2 KiB
ReStructuredText
======
|
|
TOMOYO
|
|
======
|
|
|
|
What is TOMOYO?
|
|
===============
|
|
|
|
TOMOYO is a name-based MAC extension (LSM module) for the Linux kernel.
|
|
|
|
LiveCD-based tutorials are available at
|
|
|
|
http://tomoyo.sourceforge.jp/1.8/ubuntu12.04-live.html
|
|
http://tomoyo.sourceforge.jp/1.8/centos6-live.html
|
|
|
|
Though these tutorials use non-LSM version of TOMOYO, they are useful for you
|
|
to know what TOMOYO is.
|
|
|
|
How to enable TOMOYO?
|
|
=====================
|
|
|
|
Build the kernel with ``CONFIG_SECURITY_TOMOYO=y`` and pass ``security=tomoyo`` on
|
|
kernel's command line.
|
|
|
|
Please see http://tomoyo.osdn.jp/2.5/ for details.
|
|
|
|
Where is documentation?
|
|
=======================
|
|
|
|
User <-> Kernel interface documentation is available at
|
|
https://tomoyo.osdn.jp/2.5/policy-specification/index.html .
|
|
|
|
Materials we prepared for seminars and symposiums are available at
|
|
https://osdn.jp/projects/tomoyo/docs/?category_id=532&language_id=1 .
|
|
Below lists are chosen from three aspects.
|
|
|
|
What is TOMOYO?
|
|
TOMOYO Linux Overview
|
|
https://osdn.jp/projects/tomoyo/docs/lca2009-takeda.pdf
|
|
TOMOYO Linux: pragmatic and manageable security for Linux
|
|
https://osdn.jp/projects/tomoyo/docs/freedomhectaipei-tomoyo.pdf
|
|
TOMOYO Linux: A Practical Method to Understand and Protect Your Own Linux Box
|
|
https://osdn.jp/projects/tomoyo/docs/PacSec2007-en-no-demo.pdf
|
|
|
|
What can TOMOYO do?
|
|
Deep inside TOMOYO Linux
|
|
https://osdn.jp/projects/tomoyo/docs/lca2009-kumaneko.pdf
|
|
The role of "pathname based access control" in security.
|
|
https://osdn.jp/projects/tomoyo/docs/lfj2008-bof.pdf
|
|
|
|
History of TOMOYO?
|
|
Realities of Mainlining
|
|
https://osdn.jp/projects/tomoyo/docs/lfj2008.pdf
|
|
|
|
What is future plan?
|
|
====================
|
|
|
|
We believe that inode based security and name based security are complementary
|
|
and both should be used together. But unfortunately, so far, we cannot enable
|
|
multiple LSM modules at the same time. We feel sorry that you have to give up
|
|
SELinux/SMACK/AppArmor etc. when you want to use TOMOYO.
|
|
|
|
We hope that LSM becomes stackable in future. Meanwhile, you can use non-LSM
|
|
version of TOMOYO, available at http://tomoyo.osdn.jp/1.8/ .
|
|
LSM version of TOMOYO is a subset of non-LSM version of TOMOYO. We are planning
|
|
to port non-LSM version's functionalities to LSM versions.
|