TOMOYO Linux is a Mandatory Access Control (MAC) implementation for Linux that can be used to increase the security of a system, while also being useful purely as a system analysis tool. It was launched in March 2003 and is sponsored by NTT DATA Corporation, Japan.
|Tags||access control Security Analysis|
Memory leak was found in TOMOYO 2.3 which is included in 2.6.36 and later. In tomoyo_check_open_permission() which checks permissions upon file open, TOMOYO was by error recalculating already calculated pathname when checking allow_rewrite permission. http://sourceforge.jp/projects/tomoyo/lists/archive/users-en/2011-March/000259.html
Release Notes: This release includes a bugfix and enhancements to the policy editor. TOMOYO 2.3 (Linux 2.6.36) and later appeared to have problems in handling mount permission checks. When applying the fix, you might need redefining policies. A patch for TOMOYO 2.5 will be included in Linux 3.4. Regarding ccs-tools, the number of selected items will now be displayed in the policy editor.
Release Notes: TOMOYO 1.8.3 and AKARI 1.0.20 accept an optional argument that supersedes the exception policy's domain transition control directives to "file execute", "task auto_execute_handler", and "task denied_execute_handler" entries. This optional argument will also be available in TOMOYO 2.5.
Release Notes: The userland tools for TOMOYO 2.4.0 have been released.
Release Notes: Policy namespace was introduced in order to make it easier to use TOMOYO in LXC environments. The trigger for activation is configurable upon boot using the CCS_trigger= option in order to make it easier to use TOMOYO with systemd environments.
Release Notes: Several bugs were fixed. A new feature to protect the Android environment from privilege escalation was added. Support for packed policy format was added. The garbage collector was modified so as not to wait for /proc/ccs/ users. As a result, memory reclamation can start earlier.