[tomoyo-users-en 233] TOMOYO Linux version 1.8.0 released.

Tetsuo Handa from-****@I-lov*****
Thu Nov 11 20:10:29 JST 2010


Hello.



This is the fifth anniversary release.
TOMOYO 1.0 was released on November 11th, 2005.
Many enhancements were made. The core part was merged into the upstream kernel.
I thank you for supporting TOMOYO.



In TOMOYO 1.8.0, I tried to remove legacy parts and make it simpler while enhancing
functionality. Since the policy syntax of 1.8.0 is different from that of 1.7.x,
1.8.x is not compatible with 1.7.x.

The list of changes is too long to paste here. Only 5 topics are listed here.

(1) Add support for controlling whether to generate access granted logs or not
    on a per-ACL-entry basis rather than a per-functionality basis.

      Mainly for Apache which floods open() requests and QEMU-KVM which floods
      ioctl() requests.

(2) Add support for UNIX domain socket network.

      Mainly for protecting daemons listening to UNIX domain sockets.

(3) Add support for checking getattr permission and directory's read permission.

      Mainly for users who want to restrict stat() and readdir() operations.
      By default, stat() and readdir() operations are globally permitted by
      exception policy because the damage from granting these operations is smaller
      than the damage from granting other operations.

(4) Add support for KABI (kernel ABI) compatibility mode.

      Mainly for external kernel modules built for distributor's kernels.

(5) Reduced binary object's size by up to about 22%.

      Mainly for embedded devices (e.g. Android / MeeGo) with limited storage.

All kernel versions supported by TOMOYO 1.7.2 are supported by TOMOYO 1.8.0.

  Vanilla kernels:

    * 2.4.30 - 2.4.37.10
    * 2.6.11.12 - 2.6.37-rc1

  Distributor's kernels:

    * Fedora 11/12/13/14
    * CentOS 3.9/4.8/5.5
    * RHEL 6
    * Debian Etch/Lenny/Squeeze
    * Ubuntu 6.06/8.04/8.10/9.04/9.10/10.04/10.10
    * OpenSUSE 11.0/11.1/11.2/11.3
    * Vine Linux 4.2/5.1
    * Asianux 2.0/3.0
    * Gentoo
    * Hardened Gentoo
    * and more...

I can create patches for other distributions' kernels. But you may want to use
AKARI ( http://akari.sourceforge.jp/comparison.html ) instead. AKARI is
based on TOMOYO 1.8.0 and is an LKM-based LSM module. This means that you can use
most of TOMOYO 1.8.0's functionality without replacing distributors' kernels.



Regarding TOMOYO 1.7.x, hereafter I won't make functionality enhancements.
Bug fix support is continued. Therefore, those who are using 1.7.x needn't
upgrade to 1.8.x.

But those who are using 1.6.x, please consider upgrading to 1.7.x or 1.8.x.
Many of the distributions supported by 1.6.x have already reached end of life.



