Projects / TOMOYO Linux


TOMOYO Linux is a Mandatory Access Control (MAC) implementation for Linux that can be used to increase the security of a system, while also being useful purely as a system analysis tool. It was launched in March 2003 and is sponsored by NTT DATA Corporation, Japan.

Operating Systems

Last announcement

Memory leak bug in TOMOYO 2.3 03 Mar 2011 01:02

Memory leak was found in TOMOYO 2.3 which is included in 2.6.36 and later. In tomoyo_check_open_permission() which checks permissions upon file open, TOMOYO was by error recalculating already calculated pathname when checking allow_rewrite permission.

Recent releases

Release Notes: This release includes a bugfix and enhancements to the policy editor. TOMOYO 2.3 (Linux 2.6.36) and later appeared to have problems in handling mount permission checks. When applying the fix, you might need redefining policies. A patch for TOMOYO 2.5 will be included in Linux 3.4. Regarding ccs-tools, the number of selected items will now be displayed in the policy editor.

  •  30 Sep 2011 01:20

    Release Notes: TOMOYO 1.8.3 and AKARI 1.0.20 accept an optional argument that supersedes the exception policy's domain transition control directives to "file execute", "task auto_execute_handler", and "task denied_execute_handler" entries. This optional argument will also be available in TOMOYO 2.5.

    •  07 Aug 2011 15:16

      Release Notes: The userland tools for TOMOYO 2.4.0 have been released.

      •  20 Jun 2011 15:06

        Release Notes: Policy namespace was introduced in order to make it easier to use TOMOYO in LXC environments. The trigger for activation is configurable upon boot using the CCS_trigger= option in order to make it easier to use TOMOYO with systemd environments.

        •  01 Apr 2011 09:15

          Release Notes: Several bugs were fixed. A new feature to protect the Android environment from privilege escalation was added. Support for packed policy format was added. The garbage collector was modified so as not to wait for /proc/ccs/ users. As a result, memory reclamation can start earlier.

          Recent comments

          29 Oct 2010 13:26 inow

          It is very important to submit releases for tomoyo-2.x here on freshmeat, too! Either there should be another freshmeat project or the tomoyo-2.x releases should be announced right here. Missing this made booting my linux-2.6.36 kernel impossible after new changes!


          Project Spotlight


          A Fluent OpenStack client API for Java.


          Project Spotlight

          TurnKey TWiki Appliance

          A TWiki appliance that is easy to use and lightweight.