Anyone here use Tomoyo Linux? (if not, maybe you should try it)
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I decided to go with Tomoyo 2.6.x LSM, and later play with what I said above.
Thanks!
Nice!
I'm just about ready to experiment with SELinux on Slackware 15.0 and document the process and perhaps write some howto about it eventually. But it's a big commitment of effort and time, so I still have to brave up a little.
I'm as you guess using Tomoyo 2.6 meanwhile, and I will continue to use it. But I'm hoping the previous poster is wrong in saying the LSM are not stackable, because that is contrary to the information from Tomoyo website which states since 2.6, specifically Tomoyo is stackable. Plus there is information online suggesting in the future other major LSM will be stackable as well. Perhaps based on the works of Tomoyo making it stackable with other major LSM's?
Why I am interested in a kernel space Mandatory Access Control (MAC) Linux Security Module like Tomoyo:-
Enforce security policies.
Follow least privilege rule for as many system processes as possible.
It is a requirement in data security certification with external audits.
In my case, we want to get formally compliant with PCI DSS (Payment Card Industry Data Security Standard) and as a part of that, we adopted other standards internally, such as CIS' benchmarks (Center for Internet Security). CIS provided a security benchmark for Slackware 10.4, which is now archived. The current document we follow is CIS_Distribution_Independent_Linux_Benchmark_v1.1.0-2019, which mandates an approved mainline LSM enforcement.
Either as use case examples or specific often used scenarios where it might be particularly interesting to a wide range of users. Meaning for example that you might use Tomoyo for ONLY such a thing, and nothing else, or whatever preference one might have.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.