CBLFS - User contributions [en]

TOMOYO

2007-10-12T13:59:17Z

124.64.109.198: /* Initial Configuration */

{|style="text-align: left; background-color: AliceBlue;"
|-
!Download Patch (for 2.6.22 series Kernel):
|http://people.redhat.com/mingo/cfs-scheduler/sched-cfs-v2.6.22.9-v22.patch
|-
!Download Patch (for 2.6.22 series Kernel):
|http://osdn.dl.sourceforge.jp/tomoyo/27219/ccs-patch-1.5.0-20070920.tar.gz
|-
!Download Patch (for 2.6.23 series Kernel):
|http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi/tags/lkml/4/patches.tar.gz?root=tomoyo&view=tar
|-}

----

{{Package-Introduction|The fundamental concept of TOMOYO Linux is "tracking process invocation history". TOMOYO Linux splits domains using "process invocation history" and the process transits to a different domain whenever execution of a program (i.e. do_execve()) is requested. By transiting to a different domain whenever execution of a program is requested, each domain will have the minimal permissions that are essential for processes in that domain to do their roles.|http://tomoyo.sourceforge.jp/en/2.1.x/|http://tomoyo.sourceforge.jp/en/lkml-4/}}

== Dependencies ==

=== Optional ===
* [[bc]]: needed if you want to run "make check" for OpenSSL

=== Required ===
* [[OpenSSL]]
* [[ccs-tools]]/[[tomoyo-tools]]

== Non-Multilib or Multilib ==

=== 2.6.22 Kernel ===

http://tomoyo.sourceforge.jp/wiki-e/?TomoyoOnLFS

Modify the ccs-patch-1.5.0-20070920 patch:

8<=========== change for version ============>8
-EXTRAVERSION = .9-cfs-v22
+EXTRAVERSION = .9-cfs-v22-ccs
8<=========== chang for CFS v22 patch http://lkml.org/lkml/2007/9/26/97 ============>8
@@ -64,5 +64,8 @@
#include <asm/tlb.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
/*
* Scheduler clock - returns current time in nanosec units.
@@ -4060,6 +4063,9 @@ int can_nice(const struct task_struct *p
8<=======================>8

Patch the kernel source:

patch -p1 -i ../sched-cfs-v2.6.22.9-v22.patch &&
patch -p1 -i ccs-patch-2.6.22.txt

Compile and install a new TOMOYO aware kernel. Ensure you enable the TOMOYO features.

=== 2.6.23 Kernel ===

http://tomoyo.sourceforge.jp/en/lkml-4/

The latest TOMOYO Linux patch is available at http://svn.sourceforge.jp/svnroot/tomoyo/tags/lkml/4/patches/ . Download it and extract it at the kernel source directory.

$ wget -O tomoyo.tar.gz 'http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi/tags/lkml/4/patches.tar.gz?root=tomoyo&view=tar'
$ tar -zxvf tomoyo.tar.gz
$ /bin/sh -c 'for i in `cat patches/series`; do patch -p1 < patches/$i; done'

Edit Makefile's EXTRAVERSION= line if you need.

Next, create a kernel config with TOMOYO Linux enabled.

$ make -s menuconfig

Go to "Security options" screen and unselect "Default Linux Capabilities", "Root Plug Support", "NSA SELinux Support" and select "TOMOYO Linux support" as shown below.

[*] Enable different security models
< > Default Linux Capabilities
< > Root Plug Support
[ ] NSA SELinux Support
[*] TOMOYO Linux support

After creating a kernel config, compile the kernel.

$ make -s
# make -s modules_install install

Create initrd if you need. Edit /boot/grub/grub.conf or /boot/grub/menu.lst if you need.

=== Compiling TOMOYO Linux tools ===

You can download TOMOYO Linux tools at http://osdn.dl.sourceforge.jp/tomoyo/27220/ccs-tools-1.5.0-20070920.tar.gz . Download it and extract it and compile it. The tools are installed in /usr/lib/ccs .

$ wget -O tomoyo-tools.tar.gz 'http://osdn.dl.sourceforge.jp/tomoyo/27220/ccs-tools-1.5.0-20070920.tar.gz'
$ tar -zxf tomoyo-tools.tar.gz
$ cd ccstools
$ make
# make install

=== Initial Configuration ===

Run tomoyo_init_policy.sh included in TOMOYO Linux tools to perform initial configuration for patch from http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi/tags/lkml/4/patches.tar.gz?root=tomoyo&view=tar.

# /usr/lib/ccs/tomoyo_init_policy.sh

You will get initial configuration files in /etc/tomoyo/ directory.

Run init_policy.sh included in TOMOYO Linux tools to perform initial configuration for patch from http://osdn.dl.sourceforge.jp/tomoyo/27219/ccs-patch-1.5.0-20070920.tar.gz

# /usr/lib/ccs/init_policy.sh

You will get initial configuration files in /etc/ccs/ directory.

=== Tutorial ===

Before starting tutorial, configure TOMOYO Linux to learn whole system behavior.

# echo '<kernel>' > /etc/tomoyo/domain_policy.conf
# echo 'use_profile 1' >> /etc/tomoyo/domain_policy.conf

When you boot with TOMOYO Linux kernel, you will see the following message when /sbin/init is about to start.

TOMOYO Linux: Enter 'disable' within 10 seconds to disable
TOMOYO Linux.
TOMOYO Linux>

If you press 'Enter' key or wait for 10 seconds, TOMOYO Linux gets enabled and policy is loaded. If you have trouble such as unable to login because of inappropriate TOMOYO Linux configuration, enter "disable" and press 'Enter' key to disable TOMOYO Linux.

Login to the system as root user, and run editpolicy included in TOMOYO Linux tools.

# /usr/lib/ccs/editpolicy

TOMOYO

2007-10-12T13:57:41Z

124.64.109.198: /* Initial Configuration */

{|style="text-align: left; background-color: AliceBlue;"
|-
!Download Patch (for 2.6.22 series Kernel):
|http://people.redhat.com/mingo/cfs-scheduler/sched-cfs-v2.6.22.9-v22.patch
|-
!Download Patch (for 2.6.22 series Kernel):
|http://osdn.dl.sourceforge.jp/tomoyo/27219/ccs-patch-1.5.0-20070920.tar.gz
|-
!Download Patch (for 2.6.23 series Kernel):
|http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi/tags/lkml/4/patches.tar.gz?root=tomoyo&view=tar
|-}

----

{{Package-Introduction|The fundamental concept of TOMOYO Linux is "tracking process invocation history". TOMOYO Linux splits domains using "process invocation history" and the process transits to a different domain whenever execution of a program (i.e. do_execve()) is requested. By transiting to a different domain whenever execution of a program is requested, each domain will have the minimal permissions that are essential for processes in that domain to do their roles.|http://tomoyo.sourceforge.jp/en/2.1.x/|http://tomoyo.sourceforge.jp/en/lkml-4/}}

== Dependencies ==

=== Optional ===
* [[bc]]: needed if you want to run "make check" for OpenSSL

=== Required ===
* [[OpenSSL]]
* [[ccs-tools]]/[[tomoyo-tools]]

== Non-Multilib or Multilib ==

=== 2.6.22 Kernel ===

http://tomoyo.sourceforge.jp/wiki-e/?TomoyoOnLFS

Modify the ccs-patch-1.5.0-20070920 patch:

8<=========== change for version ============>8
-EXTRAVERSION = .9-cfs-v22
+EXTRAVERSION = .9-cfs-v22-ccs
8<=========== chang for CFS v22 patch http://lkml.org/lkml/2007/9/26/97 ============>8
@@ -64,5 +64,8 @@
#include <asm/tlb.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
/*
* Scheduler clock - returns current time in nanosec units.
@@ -4060,6 +4063,9 @@ int can_nice(const struct task_struct *p
8<=======================>8

Patch the kernel source:

patch -p1 -i ../sched-cfs-v2.6.22.9-v22.patch &&
patch -p1 -i ccs-patch-2.6.22.txt

Compile and install a new TOMOYO aware kernel. Ensure you enable the TOMOYO features.

=== 2.6.23 Kernel ===

http://tomoyo.sourceforge.jp/en/lkml-4/

The latest TOMOYO Linux patch is available at http://svn.sourceforge.jp/svnroot/tomoyo/tags/lkml/4/patches/ . Download it and extract it at the kernel source directory.

$ wget -O tomoyo.tar.gz 'http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi/tags/lkml/4/patches.tar.gz?root=tomoyo&view=tar'
$ tar -zxvf tomoyo.tar.gz
$ /bin/sh -c 'for i in `cat patches/series`; do patch -p1 < patches/$i; done'

Edit Makefile's EXTRAVERSION= line if you need.

Next, create a kernel config with TOMOYO Linux enabled.

$ make -s menuconfig

Go to "Security options" screen and unselect "Default Linux Capabilities", "Root Plug Support", "NSA SELinux Support" and select "TOMOYO Linux support" as shown below.

[*] Enable different security models
< > Default Linux Capabilities
< > Root Plug Support
[ ] NSA SELinux Support
[*] TOMOYO Linux support

After creating a kernel config, compile the kernel.

$ make -s
# make -s modules_install install

Create initrd if you need. Edit /boot/grub/grub.conf or /boot/grub/menu.lst if you need.

=== Compiling TOMOYO Linux tools ===

You can download TOMOYO Linux tools at http://osdn.dl.sourceforge.jp/tomoyo/27220/ccs-tools-1.5.0-20070920.tar.gz . Download it and extract it and compile it. The tools are installed in /usr/lib/ccs .

$ wget -O tomoyo-tools.tar.gz 'http://osdn.dl.sourceforge.jp/tomoyo/27220/ccs-tools-1.5.0-20070920.tar.gz'
$ tar -zxf tomoyo-tools.tar.gz
$ cd ccstools
$ make
# make install

=== Initial Configuration ===

Run tomoyo_init_policy.sh included in TOMOYO Linux tools to perform initial configuration for patch from http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi/tags/lkml/4/patches.tar.gz?root=tomoyo&view=tar.

# /usr/lib/ccs/tomoyo_init_policy.sh

You will get initial configuration files in /etc/tomoyo/ directory.

for kerel patch Run init_policy.sh included in TOMOYO Linux tools to perform initial configuration for patch from http://osdn.dl.sourceforge.jp/tomoyo/27219/ccs-patch-1.5.0-20070920.tar.gz

# /usr/lib/ccs/init_policy.sh

You will get initial configuration files in /etc/ccs/ directory.

=== Tutorial ===

Before starting tutorial, configure TOMOYO Linux to learn whole system behavior.

# echo '<kernel>' > /etc/tomoyo/domain_policy.conf
# echo 'use_profile 1' >> /etc/tomoyo/domain_policy.conf

When you boot with TOMOYO Linux kernel, you will see the following message when /sbin/init is about to start.

TOMOYO Linux: Enter 'disable' within 10 seconds to disable
TOMOYO Linux.
TOMOYO Linux>

If you press 'Enter' key or wait for 10 seconds, TOMOYO Linux gets enabled and policy is loaded. If you have trouble such as unable to login because of inappropriate TOMOYO Linux configuration, enter "disable" and press 'Enter' key to disable TOMOYO Linux.

Login to the system as root user, and run editpolicy included in TOMOYO Linux tools.

# /usr/lib/ccs/editpolicy

TOMOYO

2007-10-12T13:22:35Z

124.64.109.198:

{|style="text-align: left; background-color: AliceBlue;"
|-
!Download Patch (for 2.6.22 series Kernel):
|http://people.redhat.com/mingo/cfs-scheduler/sched-cfs-v2.6.22.9-v22.patch
|-
!Download Patch (for 2.6.22 series Kernel):
|http://osdn.dl.sourceforge.jp/tomoyo/27219/ccs-patch-1.5.0-20070920.tar.gz
|-
!Download Patch (for 2.6.23 series Kernel):
|http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi/tags/lkml/4/patches.tar.gz?root=tomoyo&view=tar
|-}

----

{{Package-Introduction|The fundamental concept of TOMOYO Linux is "tracking process invocation history". TOMOYO Linux splits domains using "process invocation history" and the process transits to a different domain whenever execution of a program (i.e. do_execve()) is requested. By transiting to a different domain whenever execution of a program is requested, each domain will have the minimal permissions that are essential for processes in that domain to do their roles.|http://tomoyo.sourceforge.jp/en/2.1.x/|http://tomoyo.sourceforge.jp/en/lkml-4/}}

== Dependencies ==

=== Optional ===
* [[bc]]: needed if you want to run "make check" for OpenSSL

=== Required ===
* [[OpenSSL]]
* [[ccs-tools]]/[[tomoyo-tools]]

== Non-Multilib or Multilib ==

=== 2.6.22 Kernel ===

http://tomoyo.sourceforge.jp/wiki-e/?TomoyoOnLFS

Modify the ccs-patch-1.5.0-20070920 patch:

8<=========== change for version ============>8
-EXTRAVERSION = .9-cfs-v22
+EXTRAVERSION = .9-cfs-v22-ccs
8<=========== chang for CFS v22 patch http://lkml.org/lkml/2007/9/26/97 ============>8
@@ -64,5 +64,8 @@
#include <asm/tlb.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
/*
* Scheduler clock - returns current time in nanosec units.
@@ -4060,6 +4063,9 @@ int can_nice(const struct task_struct *p
8<=======================>8

Patch the kernel source:

patch -p1 -i ../sched-cfs-v2.6.22.9-v22.patch &&
patch -p1 -i ccs-patch-2.6.22.txt

Compile and install a new TOMOYO aware kernel. Ensure you enable the TOMOYO features.

=== 2.6.23 Kernel ===

http://tomoyo.sourceforge.jp/en/lkml-4/

The latest TOMOYO Linux patch is available at http://svn.sourceforge.jp/svnroot/tomoyo/tags/lkml/4/patches/ . Download it and extract it at the kernel source directory.

$ wget -O tomoyo.tar.gz 'http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi/tags/lkml/4/patches.tar.gz?root=tomoyo&view=tar'
$ tar -zxvf tomoyo.tar.gz
$ /bin/sh -c 'for i in `cat patches/series`; do patch -p1 < patches/$i; done'

Edit Makefile's EXTRAVERSION= line if you need.

Next, create a kernel config with TOMOYO Linux enabled.

$ make -s menuconfig

Go to "Security options" screen and unselect "Default Linux Capabilities", "Root Plug Support", "NSA SELinux Support" and select "TOMOYO Linux support" as shown below.

[*] Enable different security models
< > Default Linux Capabilities
< > Root Plug Support
[ ] NSA SELinux Support
[*] TOMOYO Linux support

After creating a kernel config, compile the kernel.

$ make -s
# make -s modules_install install

Create initrd if you need. Edit /boot/grub/grub.conf or /boot/grub/menu.lst if you need.

=== Compiling TOMOYO Linux tools ===

You can download TOMOYO Linux tools at http://osdn.dl.sourceforge.jp/tomoyo/27220/ccs-tools-1.5.0-20070920.tar.gz . Download it and extract it and compile it. The tools are installed in /usr/lib/ccs .

$ wget -O tomoyo-tools.tar.gz 'http://osdn.dl.sourceforge.jp/tomoyo/27220/ccs-tools-1.5.0-20070920.tar.gz'
$ tar -zxf tomoyo-tools.tar.gz
$ cd ccstools
$ make
# make install

=== Initial Configuration ===

Run tomoyo_init_policy.sh included in TOMOYO Linux tools to perform initial configuration.

# /usr/lib/ccs/tomoyo_init_policy.sh

You will get initial configuration files in /etc/tomoyo/ directory.

=== Tutorial ===

Before starting tutorial, configure TOMOYO Linux to learn whole system behavior.

# echo '<kernel>' > /etc/tomoyo/domain_policy.conf
# echo 'use_profile 1' >> /etc/tomoyo/domain_policy.conf

When you boot with TOMOYO Linux kernel, you will see the following message when /sbin/init is about to start.

TOMOYO Linux: Enter 'disable' within 10 seconds to disable
TOMOYO Linux.
TOMOYO Linux>

If you press 'Enter' key or wait for 10 seconds, TOMOYO Linux gets enabled and policy is loaded. If you have trouble such as unable to login because of inappropriate TOMOYO Linux configuration, enter "disable" and press 'Enter' key to disable TOMOYO Linux.

Login to the system as root user, and run editpolicy included in TOMOYO Linux tools.

# /usr/lib/ccs/editpolicy

TOMOYO

2007-10-12T13:18:52Z

124.64.109.198:

{|style="text-align: left; background-color: AliceBlue;"
|-
!Download Patch (for 2.6.22 series Kernel):
|http://people.redhat.com/mingo/cfs-scheduler/sched-cfs-v2.6.22.9-v22.patch
|-
!Download Patch (for 2.6.22 series Kernel):
|http://osdn.dl.sourceforge.jp/tomoyo/27219/ccs-patch-1.5.0-20070920.tar.gz
|-
!Download Patch (for 2.6.23 series Kernel):
|http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi/tags/lkml/4/patches.tar.gz?root=tomoyo&view=tar
|-}

----

{{Package-Introduction|The fundamental concept of TOMOYO Linux is "tracking process invocation history". TOMOYO Linux splits domains using "process invocation history" and the process transits to a different domain whenever execution of a program (i.e. do_execve()) is requested. By transiting to a different domain
whenever execution of a program is requested, each domain will have the minimal permissions that are essential for processes in that domain to do their roles.|http://tomoyo.sourceforge.jp/en/2.1.x/|http://tomoyo.sourceforge.jp/en/lkml-4/}}

== Dependencies ==

=== Optional ===
* [[bc]]: needed if you want to run "make check" for OpenSSL

=== Required ===
* [[OpenSSL]]
* [[ccs-tools]]/[[tomoyo-tools]]

== Non-Multilib or Multilib ==

=== 2.6.22 Kernel ===

http://tomoyo.sourceforge.jp/wiki-e/?TomoyoOnLFS

Modify the ccs-patch-1.5.0-20070920 patch:

8<=========== change for version ============>8
-EXTRAVERSION = .9-cfs-v22
+EXTRAVERSION = .9-cfs-v22-ccs
8<=========== chang for CFS v22 patch http://lkml.org/lkml/2007/9/26/97 ============>8
@@ -64,5 +64,8 @@
#include <asm/tlb.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
/*
* Scheduler clock - returns current time in nanosec units.
@@ -4060,6 +4063,9 @@ int can_nice(const struct task_struct *p
8<=======================>8

Patch the kernel source:

patch -p1 -i ../sched-cfs-v2.6.22.9-v22.patch &&
patch -p1 -i ccs-patch-2.6.22.txt

Compile and install a new TOMOYO aware kernel. Ensure you enable the TOMOYO features.

=== 2.6.23 Kernel ===

http://tomoyo.sourceforge.jp/en/lkml-4/

The latest TOMOYO Linux patch is available at http://svn.sourceforge.jp/svnroot/tomoyo/tags/lkml/4/patches/ . Download it and extract it at the kernel source directory.

$ wget -O tomoyo.tar.gz 'http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi/tags/lkml/4/patches.tar.gz?root=tomoyo&view=tar'
$ tar -zxvf tomoyo.tar.gz
$ /bin/sh -c 'for i in `cat patches/series`; do patch -p1 < patches/$i; done'

Edit Makefile's EXTRAVERSION= line if you need.

Next, create a kernel config with TOMOYO Linux enabled.

$ make -s menuconfig

Go to "Security options" screen and unselect "Default Linux Capabilities", "Root Plug Support", "NSA SELinux Support" and select "TOMOYO Linux support" as shown below.

[*] Enable different security models
< > Default Linux Capabilities
< > Root Plug Support
[ ] NSA SELinux Support
[*] TOMOYO Linux support

After creating a kernel config, compile the kernel.

$ make -s
# make -s modules_install install

Create initrd if you need. Edit /boot/grub/grub.conf or /boot/grub/menu.lst if you need.

=== Compiling TOMOYO Linux tools ===

You can download TOMOYO Linux tools at http://osdn.dl.sourceforge.jp/tomoyo/27220/ccs-tools-1.5.0-20070920.tar.gz . Download it and extract it and compile it. The tools are installed in /usr/lib/ccs .

$ wget -O tomoyo-tools.tar.gz 'http://osdn.dl.sourceforge.jp/tomoyo/27220/ccs-tools-1.5.0-20070920.tar.gz'
$ tar -zxf tomoyo-tools.tar.gz
$ cd ccstools
$ make
# make install

=== Initial Configuration ===

Run tomoyo_init_policy.sh included in TOMOYO Linux tools to perform initial configuration.

# /usr/lib/ccs/tomoyo_init_policy.sh

You will get initial configuration files in /etc/tomoyo/ directory.

=== Tutorial ===

Before starting tutorial, configure TOMOYO Linux to learn whole system behavior.

# echo '<kernel>' > /etc/tomoyo/domain_policy.conf
# echo 'use_profile 1' >> /etc/tomoyo/domain_policy.conf

When you boot with TOMOYO Linux kernel, you will see the following message when /sbin/init is about to start.

TOMOYO Linux: Enter 'disable' within 10 seconds to disable
TOMOYO Linux.
TOMOYO Linux>

If you press 'Enter' key or wait for 10 seconds, TOMOYO Linux gets enabled and policy is loaded. If you have trouble such as unable to login because of inappropriate TOMOYO Linux configuration, enter "disable" and press 'Enter' key to disable TOMOYO Linux.

Login to the system as root user, and run editpolicy included in TOMOYO Linux tools.

# /usr/lib/ccs/editpolicy

TOMOYO

2007-10-12T13:15:56Z

124.64.109.198:

{|style="text-align: left; background-color: AliceBlue;"
|-
!Download Patch (for 2.6.22 series Kernel):
|http://people.redhat.com/mingo/cfs-scheduler/sched-cfs-v2.6.22.9-v22.patch
|-
!Download Patch (for 2.6.22 series Kernel):
|http://osdn.dl.sourceforge.jp/tomoyo/27219/ccs-patch-1.5.0-20070920.tar.gz
|-
!Download Patch (for 2.6.23 series Kernel):
|http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi/tags/lkml/4/patches.tar.gz?root=tomoyo&view=tar

----

{{Package-Introduction|The fundamental concept of TOMOYO Linux is "tracking process invocation history". TOMOYO Linux splits domains using "process invocation history" and the process transits to a different domain whenever execution of a program (i.e. do_execve()) is requested. By transiting to a different domain
whenever execution of a program is requested, each domain will have the minimal permissions that are essential for processes in that domain to do their roles.|http://tomoyo.sourceforge.jp/en/2.1.x/|http://tomoyo.sourceforge.jp/en/lkml-4/}}

== Dependencies ==

=== Optional ===
* [[bc]]: needed if you want to run "make check" for OpenSSL

=== Required ===
* [[OpenSSL]]
* [[ccs-tools]]/[[tomoyo-tools]]

== Non-Multilib or Multilib ==

=== 2.6.22 Kernel ===

http://tomoyo.sourceforge.jp/wiki-e/?TomoyoOnLFS

Modify the ccs-patch-1.5.0-20070920 patch:

8<=========== change for version ============>8
-EXTRAVERSION = .9-cfs-v22
+EXTRAVERSION = .9-cfs-v22-ccs
8<=========== chang for CFS v22 patch http://lkml.org/lkml/2007/9/26/97 ============>8
@@ -64,5 +64,8 @@
#include <asm/tlb.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
/*
* Scheduler clock - returns current time in nanosec units.
@@ -4060,6 +4063,9 @@ int can_nice(const struct task_struct *p
8<=======================>8

Patch the kernel source:

patch -p1 -i ../sched-cfs-v2.6.22.9-v22.patch &&
patch -p1 -i ccs-patch-2.6.22.txt

Compile and install a new TOMOYO aware kernel. Ensure you enable the TOMOYO features.

=== 2.6.23 Kernel ===

http://tomoyo.sourceforge.jp/en/lkml-4/

The latest TOMOYO Linux patch is available at http://svn.sourceforge.jp/svnroot/tomoyo/tags/lkml/4/patches/ . Download it and extract it at the kernel source directory.

$ wget -O tomoyo.tar.gz 'http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi/tags/lkml/4/patches.tar.gz?root=tomoyo&view=tar'
$ tar -zxvf tomoyo.tar.gz
$ /bin/sh -c 'for i in `cat patches/series`; do patch -p1 < patches/$i; done'

Edit Makefile's EXTRAVERSION= line if you need.

Next, create a kernel config with TOMOYO Linux enabled.

$ make -s menuconfig

Go to "Security options" screen and unselect "Default Linux Capabilities", "Root Plug Support", "NSA SELinux Support" and select "TOMOYO Linux support" as shown below.

[*] Enable different security models
< > Default Linux Capabilities
< > Root Plug Support
[ ] NSA SELinux Support
[*] TOMOYO Linux support

After creating a kernel config, compile the kernel.

$ make -s
# make -s modules_install install

Create initrd if you need. Edit /boot/grub/grub.conf or /boot/grub/menu.lst if you need.

=== Compiling TOMOYO Linux tools ===

You can download TOMOYO Linux tools at http://osdn.dl.sourceforge.jp/tomoyo/27220/ccs-tools-1.5.0-20070920.tar.gz . Download it and extract it and compile it. The tools are installed in /usr/lib/ccs .

$ wget -O tomoyo-tools.tar.gz 'http://osdn.dl.sourceforge.jp/tomoyo/27220/ccs-tools-1.5.0-20070920.tar.gz'
$ tar -zxf tomoyo-tools.tar.gz
$ cd ccstools
$ make
# make install

=== Initial Configuration ===

Run tomoyo_init_policy.sh included in TOMOYO Linux tools to perform initial configuration.

# /usr/lib/ccs/tomoyo_init_policy.sh

You will get initial configuration files in /etc/tomoyo/ directory.

=== Tutorial ===

Before starting tutorial, configure TOMOYO Linux to learn whole system behavior.

# echo '<kernel>' > /etc/tomoyo/domain_policy.conf
# echo 'use_profile 1' >> /etc/tomoyo/domain_policy.conf

When you boot with TOMOYO Linux kernel, you will see the following message when /sbin/init is about to start.

TOMOYO Linux: Enter 'disable' within 10 seconds to disable
TOMOYO Linux.
TOMOYO Linux>

If you press 'Enter' key or wait for 10 seconds, TOMOYO Linux gets enabled and policy is loaded. If you have trouble such as unable to login because of inappropriate TOMOYO Linux configuration, enter "disable" and press 'Enter' key to disable TOMOYO Linux.

Login to the system as root user, and run editpolicy included in TOMOYO Linux tools.

# /usr/lib/ccs/editpolicy

TOMOYO

2007-10-12T13:11:05Z

124.64.109.198: /* Non-Multilib or Multilib */

{|style="text-align: left; background-color: AliceBlue;"
|-
!Download Patch (for 2.6.22 series Kernel):
|http://people.redhat.com/mingo/cfs-scheduler/sched-cfs-v2.6.22.9-v22.patch
|-
!Download Patch (for 2.6.22 series Kernel):
|http://osdn.dl.sourceforge.jp/tomoyo/27219/ccs-patch-1.5.0-20070920.tar.gz
|-
!Download Patch (for 2.6.23 series Kernel):
|http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi/tags/lkml/4/patches.tar.gz?root=tomoyo&view=tar

----

{{Package-Introduction|The fundamental concept of TOMOYO Linux is "tracking process invocation history". TOMOYO Linux splits domains using "process invocation history" and the process transits to a different domain whenever execution of a program (i.e. do_execve()) is requested. By transiting to a different domain
whenever execution of a program is requested, each domain will have the minimal permissions that are essential for processes in that domain to do their roles.|http://tomoyo.sourceforge.jp/en/2.1.x/|http://tomoyo.sourceforge.jp/en/lkml-4/}}

== Dependencies ==

=== Optional ===
* [[bc]]: needed if you want to run "make check" for OpenSSL

=== Required ===
* [[OpenSSL]]
* [[ccs-tools]]/[[tomoyo-tools]]

== Non-Multilib or Multilib ==

=== 2.6.22 Kernel ===

http://tomoyo.sourceforge.jp/wiki-e/?TomoyoOnLFS

Modify the ccs-patch-1.5.0-20070920 patch:

8<=========== change for version ============>8
-EXTRAVERSION = .9-cfs-v22
+EXTRAVERSION = .9-cfs-v22-ccs
8<=========== chang for CFS v22 patch http://lkml.org/lkml/2007/9/26/97 ============>8
@@ -64,5 +64,8 @@
#include <asm/tlb.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
/*
* Scheduler clock - returns current time in nanosec units.
@@ -4060,6 +4063,9 @@ int can_nice(const struct task_struct *p
8<=======================>8

Patch the kernel source:

patch -p1 -i ../sched-cfs-v2.6.22.9-v22.patch &&
patch -p1 -i ccs-patch-2.6.22.txt

Compile and install a new TOMOYO aware kernel. Ensure you enable the TOMOYO features.

=== 2.6.23 Kernel ===

http://tomoyo.sourceforge.jp/en/lkml-4/

The latest TOMOYO Linux patch is available at http://svn.sourceforge.jp/svnroot/tomoyo/tags/lkml/4/patches/ . Download it and extract it at the kernel source directory.

$ wget -O tomoyo.tar.gz 'http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi/tags/lkml/4/patches.tar.gz?root=tomoyo&view=tar'
$ tar -zxvf tomoyo.tar.gz
$ /bin/sh -c 'for i in `cat patches/series`; do patch -p1 < patches/$i; done'

Edit Makefile's EXTRAVERSION= line if you need.

Next, create a kernel config with TOMOYO Linux enabled.

$ make -s menuconfig

Go to "Security options" screen and unselect "Default Linux Capabilities", "Root Plug Support", "NSA SELinux Support" and select "TOMOYO Linux support" as shown below.

[*] Enable different security models
< > Default Linux Capabilities
< > Root Plug Support
[ ] NSA SELinux Support
[*] TOMOYO Linux support

After creating a kernel config, compile the kernel.

$ make -s
# make -s modules_install install

Create initrd if you need. Edit /boot/grub/grub.conf or /boot/grub/menu.lst if you need.

=== Compiling TOMOYO Linux tools ===

You can download TOMOYO Linux tools at http://osdn.dl.sourceforge.jp/tomoyo/27220/ccs-tools-1.5.0-20070920.tar.gz . Download it and extract it and compile it. The tools are installed in /usr/lib/ccs .

$ wget -O tomoyo-tools.tar.gz 'http://osdn.dl.sourceforge.jp/tomoyo/27220/ccs-tools-1.5.0-20070920.tar.gz'
$ tar -zxf tomoyo-tools.tar.gz
$ cd ccstools
$ make
# make install

=== Initial Configuration ===

Run tomoyo_init_policy.sh included in TOMOYO Linux tools to perform initial configuration.

# /usr/lib/ccs/tomoyo_init_policy.sh

You will get initial configuration files in /etc/tomoyo/ directory.

=== Tutorial ===

Before starting tutorial, configure TOMOYO Linux to learn whole system behavior.

# echo '<kernel>' > /etc/tomoyo/domain_policy.conf
# echo 'use_profile 1' >> /etc/tomoyo/domain_policy.conf

When you boot with TOMOYO Linux kernel, you will see the following message when /sbin/init is about to start.

TOMOYO Linux: Enter 'disable' within 10 seconds to disable TOMOYO Linux.
TOMOYO Linux>

If you press 'Enter' key or wait for 10 seconds, TOMOYO Linux gets enabled and policy is loaded. If you have trouble such as unable to login because of inappropriate TOMOYO Linux configuration, enter "disable" and press 'Enter' key to disable TOMOYO Linux.

Login to the system as root user, and run editpolicy included in TOMOYO Linux tools.

# /usr/lib/ccs/editpolicy

TOMOYO

2007-10-12T13:09:11Z

124.64.109.198: /* Initial Configuration */

{|style="text-align: left; background-color: AliceBlue;"
|-
!Download Patch (for 2.6.22 series Kernel):
|http://people.redhat.com/mingo/cfs-scheduler/sched-cfs-v2.6.22.9-v22.patch
|-
!Download Patch (for 2.6.22 series Kernel):
|http://osdn.dl.sourceforge.jp/tomoyo/27219/ccs-patch-1.5.0-20070920.tar.gz
|-
!Download Patch (for 2.6.23 series Kernel):
|http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi/tags/lkml/4/patches.tar.gz?root=tomoyo&view=tar

----

{{Package-Introduction|The fundamental concept of TOMOYO Linux is "tracking process invocation history". TOMOYO Linux splits domains using "process invocation history" and the process transits to a different domain whenever execution of a program (i.e. do_execve()) is requested. By transiting to a different domain
whenever execution of a program is requested, each domain will have the minimal permissions that are essential for processes in that domain to do their roles.|http://tomoyo.sourceforge.jp/en/2.1.x/|http://tomoyo.sourceforge.jp/en/lkml-4/}}

== Dependencies ==

=== Optional ===
* [[bc]]: needed if you want to run "make check" for OpenSSL

=== Required ===
* [[OpenSSL]]
* [[ccs-tools]]/[[tomoyo-tools]]

== Non-Multilib or Multilib ==

=== 2.6.22 Kernel === http://tomoyo.sourceforge.jp/wiki-e/?TomoyoOnLFS

Modify the ccs-patch-1.5.0-20070920 patch:

8<=========== change for version ============>8
-EXTRAVERSION = .9-cfs-v22
+EXTRAVERSION = .9-cfs-v22-ccs
8<=========== chang for CFS v22 patch http://lkml.org/lkml/2007/9/26/97 ============>8
@@ -64,5 +64,8 @@
#include <asm/tlb.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
/*
* Scheduler clock - returns current time in nanosec units.
@@ -4060,6 +4063,9 @@ int can_nice(const struct task_struct *p
8<=======================>8

Patch the kernel source:

patch -p1 -i ../sched-cfs-v2.6.22.9-v22.patch &&
patch -p1 -i ccs-patch-2.6.22.txt

Compile and install a new TOMOYO aware kernel. Ensure you enable the TOMOYO features.

=== 2.6.23 Kernel === http://tomoyo.sourceforge.jp/en/lkml-4/

The latest TOMOYO Linux patch is available at http://svn.sourceforge.jp/svnroot/tomoyo/tags/lkml/4/patches/ . Download it and extract it at the kernel source directory.

$ wget -O tomoyo.tar.gz 'http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi/tags/lkml/4/patches.tar.gz?root=tomoyo&view=tar'
$ tar -zxvf tomoyo.tar.gz
$ /bin/sh -c 'for i in `cat patches/series`; do patch -p1 < patches/$i; done'

Edit Makefile's EXTRAVERSION= line if you need.

Next, create a kernel config with TOMOYO Linux enabled.

$ make -s menuconfig

Go to "Security options" screen and unselect "Default Linux Capabilities", "Root Plug Support", "NSA SELinux Support" and select "TOMOYO Linux support" as shown below.

[*] Enable different security models
< > Default Linux Capabilities
< > Root Plug Support
[ ] NSA SELinux Support
[*] TOMOYO Linux support

After creating a kernel config, compile the kernel.

$ make -s
# make -s modules_install install

Create initrd if you need. Edit /boot/grub/grub.conf or /boot/grub/menu.lst if you need.

=== Compiling TOMOYO Linux tools ===

You can download TOMOYO Linux tools at http://osdn.dl.sourceforge.jp/tomoyo/27220/ccs-tools-1.5.0-20070920.tar.gz . Download it and extract it and compile it. The tools are installed in /usr/lib/ccs .

$ wget -O tomoyo-tools.tar.gz 'http://osdn.dl.sourceforge.jp/tomoyo/27220/ccs-tools-1.5.0-20070920.tar.gz'
$ tar -zxf tomoyo-tools.tar.gz
$ cd ccstools
$ make
# make install

=== Initial Configuration ===

Run tomoyo_init_policy.sh included in TOMOYO Linux tools to perform initial configuration.

# /usr/lib/ccs/tomoyo_init_policy.sh

You will get initial configuration files in /etc/tomoyo/ directory.

=== Tutorial ===

Before starting tutorial, configure TOMOYO Linux to learn whole system behavior.

# echo '<kernel>' > /etc/tomoyo/domain_policy.conf
# echo 'use_profile 1' >> /etc/tomoyo/domain_policy.conf

When you boot with TOMOYO Linux kernel, you will see the following message when /sbin/init is about to start.

TOMOYO Linux: Enter 'disable' within 10 seconds to disable TOMOYO Linux.
TOMOYO Linux>

If you press 'Enter' key or wait for 10 seconds, TOMOYO Linux gets enabled and policy is loaded. If you have trouble such as unable to login because of inappropriate TOMOYO Linux configuration, enter "disable" and press 'Enter' key to disable TOMOYO Linux.

Login to the system as root user, and run editpolicy included in TOMOYO Linux tools.

# /usr/lib/ccs/editpolicy

TOMOYO

2007-10-12T13:02:08Z

124.64.109.198:

{|style="text-align: left; background-color: AliceBlue;"
|-
!Download Patch (for 2.6.22 series Kernel):
|http://people.redhat.com/mingo/cfs-scheduler/sched-cfs-v2.6.22.9-v22.patch
|-
!Download Patch (for 2.6.22 series Kernel):
|http://osdn.dl.sourceforge.jp/tomoyo/27219/ccs-patch-1.5.0-20070920.tar.gz
|-
!Download Patch (for 2.6.23 series Kernel):
|http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi/tags/lkml/4/patches.tar.gz?root=tomoyo&view=tar

----

{{Package-Introduction|The fundamental concept of TOMOYO Linux is "tracking process invocation history". TOMOYO Linux splits domains using "process invocation history" and the process transits to a different domain whenever execution of a program (i.e. do_execve()) is requested. By transiting to a different domain
whenever execution of a program is requested, each domain will have the minimal permissions that are essential for processes in that domain to do their roles.|http://tomoyo.sourceforge.jp/en/2.1.x/|http://tomoyo.sourceforge.jp/en/lkml-4/}}

== Dependencies ==

=== Optional ===
* [[bc]]: needed if you want to run "make check" for OpenSSL

=== Required ===
* [[OpenSSL]]
* [[ccs-tools]]/[[tomoyo-tools]]

== Non-Multilib or Multilib ==

=== 2.6.22 Kernel === http://tomoyo.sourceforge.jp/wiki-e/?TomoyoOnLFS

Modify the ccs-patch-1.5.0-20070920 patch:

8<=========== change for version ============>8
-EXTRAVERSION = .9-cfs-v22
+EXTRAVERSION = .9-cfs-v22-ccs
8<=========== chang for CFS v22 patch http://lkml.org/lkml/2007/9/26/97 ============>8
@@ -64,5 +64,8 @@
#include <asm/tlb.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
/*
* Scheduler clock - returns current time in nanosec units.
@@ -4060,6 +4063,9 @@ int can_nice(const struct task_struct *p
8<=======================>8

Patch the kernel source:

patch -p1 -i ../sched-cfs-v2.6.22.9-v22.patch &&
patch -p1 -i ccs-patch-2.6.22.txt

Compile and install a new TOMOYO aware kernel. Ensure you enable the TOMOYO features.

=== 2.6.23 Kernel === http://tomoyo.sourceforge.jp/en/lkml-4/

The latest TOMOYO Linux patch is available at http://svn.sourceforge.jp/svnroot/tomoyo/tags/lkml/4/patches/ . Download it and extract it at the kernel source directory.

$ wget -O tomoyo.tar.gz 'http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi/tags/lkml/4/patches.tar.gz?root=tomoyo&view=tar'
$ tar -zxvf tomoyo.tar.gz
$ /bin/sh -c 'for i in `cat patches/series`; do patch -p1 < patches/$i; done'

Edit Makefile's EXTRAVERSION= line if you need.

Next, create a kernel config with TOMOYO Linux enabled.

$ make -s menuconfig

Go to "Security options" screen and unselect "Default Linux Capabilities", "Root Plug Support", "NSA SELinux Support" and select "TOMOYO Linux support" as shown below.

[*] Enable different security models
< > Default Linux Capabilities
< > Root Plug Support
[ ] NSA SELinux Support
[*] TOMOYO Linux support

After creating a kernel config, compile the kernel.

$ make -s
# make -s modules_install install

Create initrd if you need. Edit /boot/grub/grub.conf or /boot/grub/menu.lst if you need.

=== Compiling TOMOYO Linux tools ===

You can download TOMOYO Linux tools at http://osdn.dl.sourceforge.jp/tomoyo/27220/ccs-tools-1.5.0-20070920.tar.gz . Download it and extract it and compile it. The tools are installed in /usr/lib/ccs .

$ wget -O tomoyo-tools.tar.gz 'http://osdn.dl.sourceforge.jp/tomoyo/27220/ccs-tools-1.5.0-20070920.tar.gz'
$ tar -zxf tomoyo-tools.tar.gz
$ cd ccstools
$ make
# make install

=== Initial Configuration ===

Run tomoyo_init_policy.sh included in TOMOYO Linux tools to perform initial configuration.

# /usr/lib/ccs/tomoyo_init_policy.sh

You will get initial configuration files in /etc/tomoyo/ directory.
Tutorial

Before starting tutorial, configure TOMOYO Linux to learn whole system behavior.

# echo '<kernel>' > /etc/tomoyo/domain_policy.conf
# echo 'use_profile 1' >> /etc/tomoyo/domain_policy.conf

When you boot with TOMOYO Linux kernel, you will see the following message when /sbin/init is about to start.

TOMOYO Linux: Enter 'disable' within 10 seconds to disable TOMOYO Linux.
TOMOYO Linux>

If you press 'Enter' key or wait for 10 seconds, TOMOYO Linux gets enabled and policy is loaded. If you have trouble such as unable to login because of inappropriate TOMOYO Linux configuration, enter "disable" and press 'Enter' key to disable TOMOYO Linux.

Login to the system as root user, and run editpolicy included in TOMOYO Linux tools.

# /usr/lib/ccs/editpolicy