TOMOYO Linux
TOMOYO Linux reinforces the access control that userland processes are supposed to perform:
- WHO: from the perspective of subjects (processes)
- WHERE: in the kernel, so that it cannot be bypassed through errors or improper configuration
TOMOYO Linux is provided as a set composed of:
- Kernel functions
- Configuration tools
Access Controls
The following controls are provided:
- Process: control program execution by minimizing invocation names, validating parameters and inserting a setup program before it runs
- FS: minimize accessible pathnames and changes to them
- Network: reduce reachable IP addresses and port numbers
- System: minimize allowed system calls
Tomoyo on Slackware
Tomoyo is not enabled by default in Slackware. The kernel should be re-compiled to enable it.
There are some resources:
AKARI
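To see whether a given kernel actually needs the rebuild mentioned above, the following added example (not from the original page) checks both the build-time option and the list of active security modules. The function name `tomoyo_state` and the config file locations tried at the end are assumptions; `CONFIG_SECURITY_TOMOYO` is the kernel's Kconfig symbol for TOMOYO and `/sys/kernel/security/lsm` is the kernel's list of active LSMs.

```shell
#!/bin/sh
# tomoyo_state CONFIG_FILE LSM_FILE   (hypothetical helper, added example)
# Prints one of:
#   active            TOMOYO is in the running kernel's active LSM list
#   built-not-active  compiled in, but not selected at boot
#                     (e.g. missing the security=tomoyo kernel parameter)
#   not-built         kernel must be re-compiled with CONFIG_SECURITY_TOMOYO=y
#   unknown           no readable kernel config to decide from
tomoyo_state() {
    cfg=$1
    lsm=$2
    # Active LSMs are a comma-separated list, e.g. "capability,yama,tomoyo".
    if [ -r "$lsm" ] && tr ',' '\n' < "$lsm" | grep -qx 'tomoyo'; then
        echo active
        return 0
    fi
    if [ ! -r "$cfg" ]; then
        echo unknown
        return 0
    fi
    # /proc/config.gz is compressed; files under /boot are plain text.
    case $cfg in
        *.gz) reader='gzip -dc' ;;
        *)    reader='cat' ;;
    esac
    # Match the whole line so "# CONFIG_SECURITY_TOMOYO is not set" does not count.
    if $reader "$cfg" | grep -qx 'CONFIG_SECURITY_TOMOYO=y'; then
        echo built-not-active
    else
        echo not-built
    fi
}

# Live check. The config locations are common defaults (assumption);
# adjust them for the installation being inspected.
for c in /proc/config.gz "/boot/config-$(uname -r)" /boot/config; do
    [ -r "$c" ] && break
done
echo "TOMOYO: $(tomoyo_state "$c" /sys/kernel/security/lsm)"
```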