"'TOMOYO Linux' is our work in the field of security enhanced Linux," Kentaro Takeda began, describing 15 patches posted to the Linux Kernel mailing list. He noted that in an earlier version of the patches, posted just prior to the recent Kernel Summit, TOMOYO Linux's Mandatory Access Control was limited to files. In the new patch, he explained, "now TOMOYO Linux has access control functionality not only for files but also for networking, signal transmission and namespace manipulation and we got the source code cleaned-up." Kentaro went on to provide an overview:
"The fundamental concept of TOMOYO Linux is 'tracking process invocation history'.
"The 'struct task_struct'->security member holds a pointer to the 'process invocation history'. Thus, every process (the kernel, /sbin/init process and any children/descendants of /sbin/init) knows its 'process invocation history' (or ancestors). Since every process knows its ancestors, TOMOYO Linux can enforce access control over all processes."
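To make the "process invocation history" idea concrete, here is an added user-space model (example code, not TOMOYO's kernel implementation): each process carries the chain of programs executed along its ancestry, written in TOMOYO's domain-name style starting at `<kernel>`, and the access decision is keyed on that whole chain rather than on the program alone. The policy table, program paths and file names are constructed for the illustration.

```python
# Added example (not TOMOYO's own code): a user-space model of the
# "process invocation history" that TOMOYO keeps behind task_struct->security.
from dataclasses import dataclass

KERNEL_DOMAIN = "<kernel>"


@dataclass
class Process:
    """A process and its invocation history, e.g.
    '<kernel> /sbin/init /usr/sbin/sshd /bin/bash'."""
    domain: str

    def fork(self) -> "Process":
        # fork() inherits the history unchanged; only execve() extends it.
        return Process(self.domain)

    def execve(self, program: str) -> "Process":
        # Executing a program appends its path to the ancestry chain.
        return Process(f"{self.domain} {program}")


# Constructed policy: full invocation history -> allowed (operation, object) pairs.
POLICY = {
    "<kernel> /sbin/init /usr/sbin/sshd /bin/bash": {("file read", "/etc/shadow")},
    "<kernel> /sbin/init /usr/sbin/httpd /bin/bash": {("file read", "/var/www/index.html")},
}


def check(proc: Process, operation: str, obj: str) -> bool:
    """Mandatory check: permitted only if the process's whole history grants it."""
    return (operation, obj) in POLICY.get(proc.domain, set())


def demo() -> dict:
    init = Process(KERNEL_DOMAIN).execve("/sbin/init")
    sshd_shell = init.fork().execve("/usr/sbin/sshd").fork().execve("/bin/bash")
    httpd_shell = init.fork().execve("/usr/sbin/httpd").fork().execve("/bin/bash")
    return {
        "sshd_shell_domain": sshd_shell.domain,
        "httpd_shell_domain": httpd_shell.domain,
        # Same binary (/bin/bash), different ancestry, different decision.
        "sshd_shell_reads_shadow": check(sshd_shell, "file read", "/etc/shadow"),
        "httpd_shell_reads_shadow": check(httpd_shell, "file read", "/etc/shadow"),
    }
```

The two shells run the same binary; what differs is the history, which is exactly why a shell spawned by the web server cannot inherit what a shell spawned by sshd is allowed to do.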