TOMOYO
Fork
Abstract:
AKARI is Access Keeping And Regulating Instrument for Linux 2.6 kernels.
You can use AKARI for analyzing your system's behavior (i.e. reports which
application accesses which resources like strace command does) and optionally
restricting your system's behavior (i.e. controls which application can
access which resources like TOMOYO/AppArmor does).
AKARI is forked from TOMOYO 1.8 and made as a LKM (loadable kernel module)
so that you don't need to replace your kernels installed in your system.
Target systems:
Linux distributions shipped with kernels being compiled with LSM (linux
security modules) framework support. That is, at least,
Red Hat Enterprise Linux (RHEL4(2.6.9)/RHEL5(2.6.18)/RHEL6(2.6.32))
Fedora (from Fedora Core 2(2.6.5) to Fedora 14(2.6.36))
Ubuntu (from Warty(2.6.8) to Maverick(2.6.35))
Debian (Sarge(2.6.8)/Etch(2.6.18)/Lenny(2.6.26)/Squeeze(2.6.32))
openSUSE (from 9.1(2.6.4) to 11.3(2.6.34))
should be supported. But please understand that AKARI cannot be used on some
of kernels listed above because of distributor specific kernel patches or
kernels being compiled without LSM framework support.
AKARI fails to register on some CPU architectures because it depends on
binary code scanning for finding functions/variables which are not exported
to LKM. Currently only x86_32 is known to work. I haven't tested (or cannot
test) other architectures (e.g. x86_64, IA64).
Backgrounds:
I was asked to develop a single-function access control module for RHEL4/5
users who disable SELinux but are concerned about security. But replacing
kernels is an unacceptable psychological hurdle. Therefore, I was asked to
implement it as a LKM.
LSM is the only way that allows use of access control modules without
replacing kernels. But "security_ops" (the variable for calling LSM modules)
is no longer exported to LKM since 2.6.24. Also, "register_security()" (the
function for registering LSM modules) is marked as "__init" since 2.6.35.
That would be no problem for supporting RHEL4/5 users. But how can I support
RHEL6 and later users? Make the single-function access control module as a
LSM module and get it merged into mainline, and then submit a proposal to
distributors? Unfortunately, that approach won't work.
LSM modules which are not full-featured enough to cover all the bases will
not be accepted as in-tree LSM modules. That keeps single-function LSM
modules away from Linux users because replacing kernels is an unacceptable
hurdle for them. Linux users should be allowed to use out-of-tree LKM at
their own risk without replacing their kernels.
Therefore, I established a way to access LSM from a LKM, and made a LKM based
LSM module. It was NoWhere. It is NowHere. ;-)
Documentation:
Please see http://akari.sourceforge.jp/ .
Psychological hurdle for introducing AKARI is lower than TOMOYO 1.8 .
Grade of AKARI's functionality is higher than TOMOYO 2.3 .
Although AKARI is a LKM based LSM module, you don't need to disable
SELinux/Smack/TOMOYO/AppArmor etc. when you enable AKARI.
Thanks.