SlideShare uma empresa Scribd logo

Realities of Mainlining -- Case of the TOMOYO Linux project

Toshiharu Harada, Ph.D
Toshiharu Harada, Ph.D
TecnologiaNotícias e política
1 de 84
Baixar para ler offline
Realities of Mainlining - Case of the TOMOYO Linux Project - Toshiharu Harada <haradats@nttdata.co.jp> <haradats@gmail.com> NTT DATA CORPORATION July 9, 2008
TOMOYO Linux ✴ “pathname-based” Mandatory Access Control (MAC) enhancements ✴ Started as a R&D project of NTT DATA CORPORATION in 2003 ✴ Available as open source since Nov. 2005 ✴ LiveCD is available ✴ http://tomoyo.sourceforge.jp/wiki-e/?TomoyoLive ✴ TOMOYO is a registered trademark of NTT DATA CORPORATION
Toshiharu Kentaro Tetsuo (project manager) (LSM version) (main architect) Project members
Instructions ✴ During the presentation, I will ask a couple of questions to the guests. ✴ Guests have the plate and are expected to show us the answer.
Instructions ✴ During the presentation, I will ask a couple of questions to the guests. ✴ Guests have the plate and are expected to show us the answer.
Exercise • What’s your name? Andrew Morton Paul Moore James Morris
Question • Have you ever heard of “TOMOYO Linux” I tried TOMOYO Linux and liked it Yes What is it?
March 2003 ✴ Project launched at Kayabacho in Japan without ✴ kernel development experiences ✴ specific goal ✴ smart, experienced project manager
When we started ✴ We didn’t know the words “mainline”, “upstream” and “OLS” ✴ We never thought of making our work to be merged in the Linux kernel ✴ But now mainline is our major concern
There has been changes ✴ We met many people ✴ Some people told us, some suggested, some demanded ...
April 2006 Meeting with Russell ✴ Russell Coker has visited Japan ✴ We showed him an early version TOMOYO Linux and received some comments ✴ He was the first person that suggested mainlining
✴ “Use the Linux auditing for event logging” ✴ “Use LSM interfaces. If you can entirely use LSM interfaces then TOMOYO can be a candidate for inclusion ...” ✴ “I suggest is to have equivalence classes (let’s call them domains).This means that “vi” and “emacs” will be considered to have identical security properties ...” ✴ We have done the above by now
He wrote to me ✴ “If you mostly use LSM interfaces then you will save significant amount of work in terms of maintaining support for new kernels and also save development work for everyone who wants to use your system along with other patches.” ✴ Full statements with Japanese translation is found at http://lists.sourceforge.jp/mailman/ archives/tomoyo-users/2006-April/000062.html
Dec. 8, 2006 ✴ Satoru Ueda of CELF (Consumer Electronics Linux Forum) asked me to demonstrate TOMOYO Linux at their technical meeting. ✴ http://tree.celinuxforum.org/CelfPubWiki/ JapanTechnicalJamboree12 ✴ I spoke to them, ✴ “please send requests/questions in Japanese” ✴ “please use TOMOYO Linux” ✴ And got ...
Unexpected Comments ✴ They said ✴ “We want to use only in-tree modules” ✴ “Why don’t you try mainlining?” ✴ “Think global go out the world” ✴ “Try submitting ELC2007 (Embedded Linux Conference 2007)”
Feb. 8, 2007 ✴ Hiro Yoshioka of Miracle Linux gently asked me to introduce TOMOYO Linux to a pretty famous Japanese community,YLUG (Yokohama Linux Users Group) ✴ I accepted as usual not knowing what would happen ...
Feb. 8, 2007 ✴ Hiro Yoshioka of Miracle Linux gently asked me to introduce TOMOYO Linux to a pretty famous Japanese community,YLUG (Yokohama Linux Users Group) ✴ I accepted as usual not knowing what would happen ...
Feb. 8, 2007 ✴ Hiro Yoshioka of Miracle Linux gently asked me to introduce TOMOYO Linux to a pretty famous Japanese community,YLUG (Yokohama Linux Users Group) ✴ I accepted as usual not knowing what would happen ... Hiro Yoshioka (YLUG)
Feb. 8, 2007 ✴ Hiro Yoshioka of Miracle Linux gently asked me to introduce TOMOYO Linux to a pretty famous Japanese community,YLUG (Yokohama Linux Users Group) ✴ I accepted as usual not knowing what would happen ... Hiro Yoshioka (YLUG) Masahiro Itoh (BlueQuartz)
Feb. 8, 2007 ✴ Hiro Yoshioka of Miracle Linux gently asked me to introduce TOMOYO Linux to a pretty famous Japanese community,YLUG (Yokohama Linux Users Group) ✴ I accepted as usual not knowing what would happen ... Hiro Yoshioka (YLUG) Masahiro Itoh (BlueQuartz) Hideaki Yoshifuji (Usagi)
“We will fix you!” ✴ It was a meeting of the Hell ✴ They compelled us to try mainlining ✴ We were scolded and they told us to see the world ✴ They even demanded us to challenge OLS ✴ It was only 7 days to the deadline and I didn’t know what OLS was :-) huh!
Evidence tells ... ✴ There is a movie. ✴ The 72th kernel reading party (92 min)
March 2007 ✴ ELC2007 and OLS2007, both submissions were accepted despite of my expectations ✴ The beginning of the hard days
We worked hard ✴ Jumped in the LKML AppArmor threads ✴ Started making new TOMOYO Linux patches that use LSM ✴ We wanted to post them to LKML before OLS2007
Apr. 18, 2007 ELC2007! ✴ We had ✴ 2 sessions (presentation and tutorial) ✴ Not many people came to our session as expected, but ...
There he was! (Jonathan Corbet attended our session)
There he was! (Jonathan Corbet attended our session)
Suggestions from the Heaven ✴ “Try making TOMOYO Linux to be merged” ✴ “Talk with AppArmor people” ✴ We were encouraged, very very deeply ✴ We’ve followed the above advices before OLS2007
TOMOYO Linux LKML logs • We are maintaining a Wiki page to follow our postings. • http://tomoyo.sourceforge.jp/wiki-e/? WhatIs#mainlining • Each posting is linked to a corresponding LWN.net article.
June 13, 2007 ✴ LKML debut of TOMOYO Linux ✴ We wrote URL to reduce the e-mail size ... ✴ Not in LKML standard coding style ... ✴ Tabs were not properly handled ... ✴ Full of failures
Message from Mr. SELinux ✴ Stephen Smalley sent me a message ✴ “If you really want feedback or to get your code into the kernel, you need to do more than post a URL to the code - you need to break your code down into a number of patches and post them...” ✴ I appreciated his consideration
Message from Japanese community ✴ from Goto-san @fujitsu ✴ “You should choose mm tree or rc as base of the patches” ✴ “Be careful to follow the LKML standard CodingStyle (checkpatch.pl might help)” ✴ “Use quilt” ✴ We didn’t understand those basic rules
How to start • It’s simple, just give it a try • You don’t have to be perfect (as we were) • There are people who would help you • You just need to “go out” to be visible
What You Need to Join the kernel development ✴ The source code of Linux ✴ Enormous documentations and genius tools are included as part of Linux ✴ Mail program that understands threads and ...
What You Need to Join the kernel development ✴ The source code of Linux ✴ Enormous documentations and genius tools are included as part of Linux ✴ Mail program that understands threads and ... Courage
Where to find the source? • Visit www.kernel.org • Browse LXR sites • http://tomoyo.sourceforge.jp/cgi-bin/ lxr/source • http://lxr.linux.no/ • Use Git (http://git.or.cz/)
Jun. 29, 2007 Ottawa! (photo: just waiting for the time of our very first session at OLS)
✴ Stephen Smalley, Chris Wright, Joshua Brindle, Seth Arnold, Hadi Nahari and other secure-OS guys came to my session ✴ What a pleasure!
AppArmor and SELinux guys began fighting
AppArmor and SELinux guys began fighting
AppArmor and SELinux guys began fighting I thought ...
... (>_<) why in my session ...
Question • Do you recognize “(>_<)”? Yes Don’t know (tell me)
Answer • (>_<) auch! • (^_^) happy • (T_T) sad (crying) • How about “orz”?
anyway ... ✴ It was a really wonderful experience ✴ We met many people ✴ We found we were with community ✴ Unforgettable day ✴ I wrote a wiki page ✴ http://tomoyo.sourceforge.jp/wiki-e/? OLS2007-BOF
OLS2007 The night of miracle ✴ Stephen spared his time to talk with US after the session!!! ✴ He suggested us TOMOYO Linux get married with SELinux or AppArmor
OLS2007 The night of miracle ✴ Stephen spared his time to talk with US after the session!!! ✴ He suggested us TOMOYO Linux get married with SELinux or AppArmor
Oct. 2, 2007 ✴ Linus suddenly appeared in SMACK thread and spoke out loud ✴ I’m tired of this “only my version is correct” crap. The whole and only point of LSM was to get away from that. ✴ Linus’ message sounded like a chance (sorry for James ...), so we rushed to prepare the 3rd posting
“only my version is correct” crap? • Linus’ words raised me questions • I didn’t think SELinux people (or James) meant only SELinux was correct ... • Single solid security vs. choices
Questions? • Should Linux have multiple choices for fundamental security mechanism? Yes No Other (let me say!)
Oct. 11, 2007 Shock • We got 0 (zero) feedbacks for our 4th posting • This is sort of TOMOYO Linux project’s difficulties
✴ Positive feedbacks are always Good! ✴ Negative feedbacks and NACK are “Not BAD” ✴ No feedbacks is BAD
Question • How can this (*no* feedbacks) happen? • What should we do when there is no feedbacks?
Nov. 29, 2007 PacSec2007 Dragos in Tokyo http://sourceforge.jp/projects/tomoyo/document/PacSec2007-handout.pdf
Dec. 25, 2007 Posted Security Goal ✴ Serge E. Hallyn has suggested to enhance ✴ TOMOYO provides no sort of information flow control ✴ TOMOYO is purely restrictive ✴ Learning mode is primary source of policy so you depend on change of behavior to detect intruders ✴ but any intruder who attempts to do something which the compromised software wouldn’t have done should be stopped and detected
Feb. 24, 2008 FOSDEM’08 http://sourceforge.jp/projects/tomoyo/document/fosdem2008.pdf
Apr. 14, 2008 TOMOYO on LWN.net http://lwn.net/Articles/277833/ What a nice surprise to see my project on LWN.net!
Apr. 25, 2008 ELC2008 http://sourceforge.jp/projects/tomoyo/ document/elc2008.pdf
TOMOYO threads posters top 10 (thanks!) 2007/06/13 2007/06/14 2007/08/24 2007/10/02 2007/10/11 2007/11/16 2007/12/25 2008/01/08 2008/01/09 2008/04/04 2008/05/01
TOMOYO threads posters top 10 (thanks!) 2007/06/13 2007/06/14 2007/08/24 2007/10/02 2007/10/11 2007/11/16 2007/12/25 2008/01/08 2008/01/09 2008/04/04 2008/05/01
TOMOYO threads posters top 10 (thanks!) 2007/06/13 2007/06/14 2007/08/24 2007/10/02 2007/10/11 2007/11/16 2007/12/25 2008/01/08 2008/01/09 2008/04/04 2008/05/01
TOMOYO threads posters top 10 (thanks!) 2007/06/13 2007/06/14 2007/08/24 2007/10/02 2007/10/11 2007/11/16 2007/12/25 2008/01/08 2008/01/09 2008/04/04 2008/05/01
Paul, James and ... • Are we missing someone? ... NO • HE has sent Tetsuo personal messages several times as well as Stephen • If you move, you will know there are people to help you
Statistics
Statistics FOSDEM2008 ELC2008 OLS2007 PacSec2007 ELC2007
OLS2008? Statistics FOSDEM2008 ELC2008 OLS2007 PacSec2007 ELC2007
Jul. 9, 2008 (today) Current Status ✴ We are still in the middle of our way ✴ It might take a month, a year or a decade, but we know we will never give up ✴ Merging TOMOYO Linux started as our mission, but now they are our personal goals ✴ We found joys in ourselves
Question • Do you think TOMOYO will be merged someday? Send me the patches and I will merge them in my git tree Someday, maybe ... I don’t want to mention now
When in doubt ✴ Don’t worry, you can ask “HIM”
When in doubt ✴ Don’t worry, you can ask “HIM” _ ─ ─ ● ● | __ __ | / ∩ ⊃ ( | | . “ | |
Question • Who is “HE”? don’t know “Me”
HIM (page 13 of 14) http://www.celinux.org/elc08_presentations/morton-elc-08.ppt please read and find HIM
HIM (page 13 of 14) http://www.celinux.org/elc08_presentations/morton-elc-08.ppt please read and find HIM
_ ─ ─ ● ● | __ __ | “ i f t h e r e ʼs something in it for me”? / ∩ ⊃ ( | | . “ | |
You can also ask ME • I think I am a kind of nice person • I will help you if I can • I have legs, too (not great, though) ImpressIT
You can also ask ME • I think I am a kind of nice person • I will help you if I can • I have legs, too (not great, though) _ ─ ─ ● ● | __ __ | / ∩ ⊃ ( | | . “ | | ImpressIT
Question • Will you help us Japanese developers? Yes No
I came to find ✴ There were many people to help us ✴ We were not required the perfectness ✴ Every experiences are real treasures ... ✴ Go out and find your story and treasures
Mainlining ✴ it’s not easy, but it’s not impossible, either ✴ painful sometimes, but not all time ✴ yes, we are enjoying the whole process even in the difficulties ✴ we can try because now we know it’s worth
Mainlining ✴ it’s not easy, but it’s not impossible, either ✴ painful sometimes, but not all time ✴ yes, we are enjoying the whole process even in the difficulties ✴ we can try because now we know it’s worth It’s worth
What you need • Read the documents, first (almost everything is already there) • Start to live within the LKML and subscribe LWN • Attend community events and meetings (they will not kill you)
With a little help from my friend
With a little help from my friend • http://elinux.org/TomoyoLinux • http://tomoyo.sourceforge.jp/ • http://sourceforge.jp/projects/tomoyo/ Thank you (^_^)/~ see you @ols2008

Recomendados

Reef - ESUG 2010
Reef - ESUG 2010Reef - ESUG 2010
Reef - ESUG 2010Esteban Lorenzano
 
Mars - ESUG 2010
Mars - ESUG 2010Mars - ESUG 2010
Mars - ESUG 2010Esteban Lorenzano
 
Plone Conference 2010 – Where we go from here
Plone Conference 2010 – Where we go from herePlone Conference 2010 – Where we go from here
Plone Conference 2010 – Where we go from hereEric Steele
 
Kernel Development: Drawing Lessons from "Mistakes" (Japan Linux Symposium 2009)
Kernel Development: Drawing Lessons from "Mistakes" (Japan Linux Symposium 2009)Kernel Development: Drawing Lessons from "Mistakes" (Japan Linux Symposium 2009)
Kernel Development: Drawing Lessons from "Mistakes" (Japan Linux Symposium 2009)Toshiharu Harada, Ph.D
 
Continuous Integration Testing for Plone Using Hudson
Continuous Integration Testing for Plone Using HudsonContinuous Integration Testing for Plone Using Hudson
Continuous Integration Testing for Plone Using HudsonEric Steele
 
iBizLog - ESUG2010
iBizLog - ESUG2010iBizLog - ESUG2010
iBizLog - ESUG2010Esteban Lorenzano
 
Iterating Plone
Iterating PloneIterating Plone
Iterating PloneEric Steele
 
Drupal security - Configuration and process
Drupal security - Configuration and processDrupal security - Configuration and process
Drupal security - Configuration and processGábor Hojtsy
 

Recomendados

Reef - ESUG 2010
Reef - ESUG 2010Reef - ESUG 2010
Reef - ESUG 2010Esteban Lorenzano
 
Mars - ESUG 2010
Mars - ESUG 2010Mars - ESUG 2010
Mars - ESUG 2010Esteban Lorenzano
 
Plone Conference 2010 – Where we go from here
Plone Conference 2010 – Where we go from herePlone Conference 2010 – Where we go from here
Plone Conference 2010 – Where we go from hereEric Steele
 
Kernel Development: Drawing Lessons from "Mistakes" (Japan Linux Symposium 2009)
Kernel Development: Drawing Lessons from "Mistakes" (Japan Linux Symposium 2009)Kernel Development: Drawing Lessons from "Mistakes" (Japan Linux Symposium 2009)
Kernel Development: Drawing Lessons from "Mistakes" (Japan Linux Symposium 2009)Toshiharu Harada, Ph.D
 
Continuous Integration Testing for Plone Using Hudson
Continuous Integration Testing for Plone Using HudsonContinuous Integration Testing for Plone Using Hudson
Continuous Integration Testing for Plone Using HudsonEric Steele
 
iBizLog - ESUG2010
iBizLog - ESUG2010iBizLog - ESUG2010
iBizLog - ESUG2010Esteban Lorenzano
 
Iterating Plone
Iterating PloneIterating Plone
Iterating PloneEric Steele
 
Drupal security - Configuration and process
Drupal security - Configuration and processDrupal security - Configuration and process
Drupal security - Configuration and processGábor Hojtsy
 
Kernel Development: Drawing Lessons From "Mistakes" (Japan Linux Symposium 2009)
Kernel Development: Drawing Lessons From "Mistakes" (Japan Linux Symposium 2009)Kernel Development: Drawing Lessons From "Mistakes" (Japan Linux Symposium 2009)
Kernel Development: Drawing Lessons From "Mistakes" (Japan Linux Symposium 2009)guest40cf23
 
LocJAM Japan Presentation - Kyoto Study Group (December 2016)
LocJAM Japan Presentation - Kyoto Study Group (December 2016)LocJAM Japan Presentation - Kyoto Study Group (December 2016)
LocJAM Japan Presentation - Kyoto Study Group (December 2016)Anthony Teixeira - French Video Game Translator
 
How to Become a Hacker?
How to Become a Hacker?How to Become a Hacker?
How to Become a Hacker?removed_e10bf3fe21ff4e6e6a55bdd2c09fcb15
 
Introduction to Linux for bioinformatics
Introduction to Linux for bioinformaticsIntroduction to Linux for bioinformatics
Introduction to Linux for bioinformaticsBITS
 
IETF remote participation via Meetecho @ WebRTC Meetup Stockholm
IETF remote participation via Meetecho @ WebRTC Meetup StockholmIETF remote participation via Meetecho @ WebRTC Meetup Stockholm
IETF remote participation via Meetecho @ WebRTC Meetup StockholmLorenzo Miniero
 
introduction to ubuntu
introduction to ubuntuintroduction to ubuntu
introduction to ubuntuasifnawaz144wb
 
Adobemax2009na
Adobemax2009naAdobemax2009na
Adobemax2009naMasakazu Ohtsuka
 
Slackware Linux: 21 years and still not tried it? What are you waiting for?
Slackware Linux: 21 years and still not tried it? What are you waiting for?Slackware Linux: 21 years and still not tried it? What are you waiting for?
Slackware Linux: 21 years and still not tried it? What are you waiting for?55020
 
The Plone is dead, long live the Plone!
The Plone is dead, long live the Plone!The Plone is dead, long live the Plone!
The Plone is dead, long live the Plone!Alexander Loechel
 
Open Source Software and Libraries
Open Source Software and LibrariesOpen Source Software and Libraries
Open Source Software and LibrariesEllyssa Kroski
 
LocJAM April 2014
LocJAM April 2014LocJAM April 2014
LocJAM April 2014gloc247
 
Day 1 slides UNO summer 2010 robotics workshop
Day 1 slides UNO summer 2010 robotics workshop Day 1 slides UNO summer 2010 robotics workshop
Day 1 slides UNO summer 2010 robotics workshop Raj Dasgupta
 
Embedded Systems PPt.pptx
Embedded Systems PPt.pptxEmbedded Systems PPt.pptx
Embedded Systems PPt.pptxTabrezahmed39
 
GNOME 3.0 Accessibility: State of the Union (Desktop Summit 2011)
GNOME 3.0 Accessibility: State of the Union (Desktop Summit 2011)GNOME 3.0 Accessibility: State of the Union (Desktop Summit 2011)
GNOME 3.0 Accessibility: State of the Union (Desktop Summit 2011)Igalia
 
Day2: Conceptualización, teorización e investigación en nuevas alfabetizaciones
Day2: Conceptualización, teorización e investigación en nuevas alfabetizacionesDay2: Conceptualización, teorización e investigación en nuevas alfabetizaciones
Day2: Conceptualización, teorización e investigación en nuevas alfabetizacionesMichele Knobel
 
OpenStack Upstream Training Report
OpenStack Upstream Training ReportOpenStack Upstream Training Report
OpenStack Upstream Training ReportRakuten Group, Inc.
 
How to create/improve OSS product and its community (revised)
How to create/improve OSS product and its community (revised)How to create/improve OSS product and its community (revised)
How to create/improve OSS product and its community (revised)SATOSHI TAGOMORI
 
Unix++: Plan 9 from Bell Labs
Unix++: Plan 9 from Bell LabsUnix++: Plan 9 from Bell Labs
Unix++: Plan 9 from Bell LabsAnant Narayanan
 
The Reluctant SysAdmin : 360|iDev Austin 2010
The Reluctant SysAdmin : 360|iDev Austin 2010The Reluctant SysAdmin : 360|iDev Austin 2010
The Reluctant SysAdmin : 360|iDev Austin 2010Voxilate
 
kernel code reading party on March 28th, 2014
kernel code reading party on March 28th, 2014kernel code reading party on March 28th, 2014
kernel code reading party on March 28th, 2014Hiro Yoshioka
 
20090703 tomoyo thankyou
20090703 tomoyo thankyou20090703 tomoyo thankyou
20090703 tomoyo thankyouToshiharu Harada, Ph.D
 
Job's 2005 Stanford Speech Translation Kit
Job's 2005 Stanford Speech Translation KitJob's 2005 Stanford Speech Translation Kit
Job's 2005 Stanford Speech Translation KitToshiharu Harada, Ph.D
 

Mais conteúdo relacionado

Semelhante a Realities of Mainlining -- Case of the TOMOYO Linux project

Kernel Development: Drawing Lessons From "Mistakes" (Japan Linux Symposium 2009)
Kernel Development: Drawing Lessons From "Mistakes" (Japan Linux Symposium 2009)Kernel Development: Drawing Lessons From "Mistakes" (Japan Linux Symposium 2009)
Kernel Development: Drawing Lessons From "Mistakes" (Japan Linux Symposium 2009)guest40cf23
 
Introduction to Linux for bioinformatics
Introduction to Linux for bioinformaticsIntroduction to Linux for bioinformatics
Introduction to Linux for bioinformaticsBITS
 
IETF remote participation via Meetecho @ WebRTC Meetup Stockholm
IETF remote participation via Meetecho @ WebRTC Meetup StockholmIETF remote participation via Meetecho @ WebRTC Meetup Stockholm
IETF remote participation via Meetecho @ WebRTC Meetup StockholmLorenzo Miniero
 
introduction to ubuntu
introduction to ubuntuintroduction to ubuntu
introduction to ubuntuasifnawaz144wb
 
Slackware Linux: 21 years and still not tried it? What are you waiting for?
Slackware Linux: 21 years and still not tried it? What are you waiting for?Slackware Linux: 21 years and still not tried it? What are you waiting for?
Slackware Linux: 21 years and still not tried it? What are you waiting for?55020
 
The Plone is dead, long live the Plone!
The Plone is dead, long live the Plone!The Plone is dead, long live the Plone!
The Plone is dead, long live the Plone!Alexander Loechel
 
Open Source Software and Libraries
Open Source Software and LibrariesOpen Source Software and Libraries
Open Source Software and LibrariesEllyssa Kroski
 
LocJAM April 2014
LocJAM April 2014LocJAM April 2014
LocJAM April 2014gloc247
 
Day 1 slides UNO summer 2010 robotics workshop
Day 1 slides UNO summer 2010 robotics workshop Day 1 slides UNO summer 2010 robotics workshop
Day 1 slides UNO summer 2010 robotics workshop Raj Dasgupta
 
Embedded Systems PPt.pptx
Embedded Systems PPt.pptxEmbedded Systems PPt.pptx
Embedded Systems PPt.pptxTabrezahmed39
 
GNOME 3.0 Accessibility: State of the Union (Desktop Summit 2011)
GNOME 3.0 Accessibility: State of the Union (Desktop Summit 2011)GNOME 3.0 Accessibility: State of the Union (Desktop Summit 2011)
GNOME 3.0 Accessibility: State of the Union (Desktop Summit 2011)Igalia
 
Day2: Conceptualización, teorización e investigación en nuevas alfabetizaciones
Day2: Conceptualización, teorización e investigación en nuevas alfabetizacionesDay2: Conceptualización, teorización e investigación en nuevas alfabetizaciones
Day2: Conceptualización, teorización e investigación en nuevas alfabetizacionesMichele Knobel
 
OpenStack Upstream Training Report
OpenStack Upstream Training ReportOpenStack Upstream Training Report
OpenStack Upstream Training ReportRakuten Group, Inc.
 
How to create/improve OSS product and its community (revised)
How to create/improve OSS product and its community (revised)How to create/improve OSS product and its community (revised)
How to create/improve OSS product and its community (revised)SATOSHI TAGOMORI
 
Unix++: Plan 9 from Bell Labs
Unix++: Plan 9 from Bell LabsUnix++: Plan 9 from Bell Labs
Unix++: Plan 9 from Bell LabsAnant Narayanan
 
The Reluctant SysAdmin : 360|iDev Austin 2010
The Reluctant SysAdmin : 360|iDev Austin 2010The Reluctant SysAdmin : 360|iDev Austin 2010
The Reluctant SysAdmin : 360|iDev Austin 2010Voxilate
 
kernel code reading party on March 28th, 2014
kernel code reading party on March 28th, 2014kernel code reading party on March 28th, 2014
kernel code reading party on March 28th, 2014Hiro Yoshioka
 

Semelhante a Realities of Mainlining -- Case of the TOMOYO Linux project (20)

Kernel Development: Drawing Lessons From "Mistakes" (Japan Linux Symposium 2009)
Kernel Development: Drawing Lessons From "Mistakes" (Japan Linux Symposium 2009)Kernel Development: Drawing Lessons From "Mistakes" (Japan Linux Symposium 2009)
Kernel Development: Drawing Lessons From "Mistakes" (Japan Linux Symposium 2009)
 
LocJAM Japan Presentation - Kyoto Study Group (December 2016)
LocJAM Japan Presentation - Kyoto Study Group (December 2016)LocJAM Japan Presentation - Kyoto Study Group (December 2016)
LocJAM Japan Presentation - Kyoto Study Group (December 2016)
 
How to Become a Hacker?
How to Become a Hacker?How to Become a Hacker?
How to Become a Hacker?
 
Introduction to Linux for bioinformatics
Introduction to Linux for bioinformaticsIntroduction to Linux for bioinformatics
Introduction to Linux for bioinformatics
 
IETF remote participation via Meetecho @ WebRTC Meetup Stockholm
IETF remote participation via Meetecho @ WebRTC Meetup StockholmIETF remote participation via Meetecho @ WebRTC Meetup Stockholm
IETF remote participation via Meetecho @ WebRTC Meetup Stockholm
 
introduction to ubuntu
introduction to ubuntuintroduction to ubuntu
introduction to ubuntu
 
Adobemax2009na
Adobemax2009naAdobemax2009na
Adobemax2009na
 
Slackware Linux: 21 years and still not tried it? What are you waiting for?
Slackware Linux: 21 years and still not tried it? What are you waiting for?Slackware Linux: 21 years and still not tried it? What are you waiting for?
Slackware Linux: 21 years and still not tried it? What are you waiting for?
 
The Plone is dead, long live the Plone!
The Plone is dead, long live the Plone!The Plone is dead, long live the Plone!
The Plone is dead, long live the Plone!
 
Open Source Software and Libraries
Open Source Software and LibrariesOpen Source Software and Libraries
Open Source Software and Libraries
 
LocJAM April 2014
LocJAM April 2014LocJAM April 2014
LocJAM April 2014
 
Day 1 slides UNO summer 2010 robotics workshop
Day 1 slides UNO summer 2010 robotics workshop Day 1 slides UNO summer 2010 robotics workshop
Day 1 slides UNO summer 2010 robotics workshop
 
Embedded Systems PPt.pptx
Embedded Systems PPt.pptxEmbedded Systems PPt.pptx
Embedded Systems PPt.pptx
 
GNOME 3.0 Accessibility: State of the Union (Desktop Summit 2011)
GNOME 3.0 Accessibility: State of the Union (Desktop Summit 2011)GNOME 3.0 Accessibility: State of the Union (Desktop Summit 2011)
GNOME 3.0 Accessibility: State of the Union (Desktop Summit 2011)
 
Day2: Conceptualización, teorización e investigación en nuevas alfabetizaciones
Day2: Conceptualización, teorización e investigación en nuevas alfabetizacionesDay2: Conceptualización, teorización e investigación en nuevas alfabetizaciones
Day2: Conceptualización, teorización e investigación en nuevas alfabetizaciones
 
OpenStack Upstream Training Report
OpenStack Upstream Training ReportOpenStack Upstream Training Report
OpenStack Upstream Training Report
 
How to create/improve OSS product and its community (revised)
How to create/improve OSS product and its community (revised)How to create/improve OSS product and its community (revised)
How to create/improve OSS product and its community (revised)
 
Unix++: Plan 9 from Bell Labs
Unix++: Plan 9 from Bell LabsUnix++: Plan 9 from Bell Labs
Unix++: Plan 9 from Bell Labs
 
The Reluctant SysAdmin : 360|iDev Austin 2010
The Reluctant SysAdmin : 360|iDev Austin 2010The Reluctant SysAdmin : 360|iDev Austin 2010
The Reluctant SysAdmin : 360|iDev Austin 2010
 
kernel code reading party on March 28th, 2014
kernel code reading party on March 28th, 2014kernel code reading party on March 28th, 2014
kernel code reading party on March 28th, 2014
 

Mais de Toshiharu Harada, Ph.D

Job's 2005 Stanford Speech Translation Kit
Job's 2005 Stanford Speech Translation KitJob's 2005 Stanford Speech Translation Kit
Job's 2005 Stanford Speech Translation KitToshiharu Harada, Ph.D
 
’You’ve got to find what you love,’ Jobs says
’You’ve got to find what you love,’ Jobs says’You’ve got to find what you love,’ Jobs says
’You’ve got to find what you love,’ Jobs saysToshiharu Harada, Ph.D
 
CaitSith 新しいルールベースのカーネル内アクセス制御
CaitSith 新しいルールベースのカーネル内アクセス制御CaitSith 新しいルールベースのカーネル内アクセス制御
CaitSith 新しいルールベースのカーネル内アクセス制御Toshiharu Harada, Ph.D
 
The role of "pathname based access control" in security"
The role of "pathname based access control" in security"The role of "pathname based access control" in security"
The role of "pathname based access control" in security"Toshiharu Harada, Ph.D
 
振る舞いに基づくSSHブルートフォースアタック対策
振る舞いに基づくSSHブルートフォースアタック対策振る舞いに基づくSSHブルートフォースアタック対策
振る舞いに基づくSSHブルートフォースアタック対策Toshiharu Harada, Ph.D
 
僕より少し遅く生まれてきた君たちへ
僕より少し遅く生まれてきた君たちへ僕より少し遅く生まれてきた君たちへ
僕より少し遅く生まれてきた君たちへToshiharu Harada, Ph.D
 
20031030 「読み込み専用マウントによる改ざん防止Linuxサーバの構築」
20031030 「読み込み専用マウントによる改ざん防止Linuxサーバの構築」20031030 「読み込み専用マウントによる改ざん防止Linuxサーバの構築」
20031030 「読み込み専用マウントによる改ざん防止Linuxサーバの構築」Toshiharu Harada, Ph.D
 
20031020 「プロセス実行履歴に基づくアクセスポリシー自動生成システム」
20031020 「プロセス実行履歴に基づくアクセスポリシー自動生成システム」20031020 「プロセス実行履歴に基づくアクセスポリシー自動生成システム」
20031020 「プロセス実行履歴に基づくアクセスポリシー自動生成システム」Toshiharu Harada, Ph.D
 
Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...
Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...
Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...Toshiharu Harada, Ph.D
 
プロセス実行履歴に基づくアクセスポリシー自動生成システム
プロセス実行履歴に基づくアクセスポリシー自動生成システムプロセス実行履歴に基づくアクセスポリシー自動生成システム
プロセス実行履歴に基づくアクセスポリシー自動生成システムToshiharu Harada, Ph.D
 
使いこなせて安全なLinuxを目指して
使いこなせて安全なLinuxを目指して使いこなせて安全なLinuxを目指して
使いこなせて安全なLinuxを目指してToshiharu Harada, Ph.D
 

Mais de Toshiharu Harada, Ph.D (20)

20090703 tomoyo thankyou
20090703 tomoyo thankyou20090703 tomoyo thankyou
20090703 tomoyo thankyou
 
Job's 2005 Stanford Speech Translation Kit
Job's 2005 Stanford Speech Translation KitJob's 2005 Stanford Speech Translation Kit
Job's 2005 Stanford Speech Translation Kit
 
’You’ve got to find what you love,’ Jobs says
’You’ve got to find what you love,’ Jobs says’You’ve got to find what you love,’ Jobs says
’You’ve got to find what you love,’ Jobs says
 
CaitSith 新しいルールベースのカーネル内アクセス制御
CaitSith 新しいルールベースのカーネル内アクセス制御CaitSith 新しいルールベースのカーネル内アクセス制御
CaitSith 新しいルールベースのカーネル内アクセス制御
 
TOMOYO Linuxのご紹介
TOMOYO Linuxのご紹介TOMOYO Linuxのご紹介
TOMOYO Linuxのご紹介
 
LSM Leaks
LSM LeaksLSM Leaks
LSM Leaks
 
The role of "pathname based access control" in security"
The role of "pathname based access control" in security"The role of "pathname based access control" in security"
The role of "pathname based access control" in security"
 
Tomoyo linux introduction
Tomoyo linux introductionTomoyo linux introduction
Tomoyo linux introduction
 
Your First Guide to "secure Linux"
Your First Guide to "secure Linux"Your First Guide to "secure Linux"
Your First Guide to "secure Linux"
 
振る舞いに基づくSSHブルートフォースアタック対策
振る舞いに基づくSSHブルートフォースアタック対策振る舞いに基づくSSHブルートフォースアタック対策
振る舞いに基づくSSHブルートフォースアタック対策
 
僕より少し遅く生まれてきた君たちへ
僕より少し遅く生まれてきた君たちへ僕より少し遅く生まれてきた君たちへ
僕より少し遅く生まれてきた君たちへ
 
Why TOMOYO Linux?
Why TOMOYO Linux?Why TOMOYO Linux?
Why TOMOYO Linux?
 
Deep inside TOMOYO Linux
Deep inside TOMOYO LinuxDeep inside TOMOYO Linux
Deep inside TOMOYO Linux
 
ComSys2009
ComSys2009ComSys2009
ComSys2009
 
20031030 「読み込み専用マウントによる改ざん防止Linuxサーバの構築」
20031030 「読み込み専用マウントによる改ざん防止Linuxサーバの構築」20031030 「読み込み専用マウントによる改ざん防止Linuxサーバの構築」
20031030 「読み込み専用マウントによる改ざん防止Linuxサーバの構築」
 
20031020 「プロセス実行履歴に基づくアクセスポリシー自動生成システム」
20031020 「プロセス実行履歴に基づくアクセスポリシー自動生成システム」20031020 「プロセス実行履歴に基づくアクセスポリシー自動生成システム」
20031020 「プロセス実行履歴に基づくアクセスポリシー自動生成システム」
 
Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...
Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...
Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...
 
プロセス実行履歴に基づくアクセスポリシー自動生成システム
プロセス実行履歴に基づくアクセスポリシー自動生成システムプロセス実行履歴に基づくアクセスポリシー自動生成システム
プロセス実行履歴に基づくアクセスポリシー自動生成システム
 
TOMOYO Linux
TOMOYO LinuxTOMOYO Linux
TOMOYO Linux
 
使いこなせて安全なLinuxを目指して
使いこなせて安全なLinuxを目指して使いこなせて安全なLinuxを目指して
使いこなせて安全なLinuxを目指して
 

Último

Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 

Último (20)

Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 

Realities of Mainlining -- Case of the TOMOYO Linux project

  • 1. Realities of Mainlining - Case of the TOMOYO Linux Project - Toshiharu Harada <haradats@nttdata.co.jp> <haradats@gmail.com> NTT DATA CORPORATION July 9, 2008
  • 2. TOMOYO Linux ✴ “pathname-based” Mandatory Access Control (MAC) enhancements ✴ Started as a R&D project of NTT DATA CORPORATION in 2003 ✴ Available as open source since Nov. 2005 ✴ LiveCD is available ✴ http://tomoyo.sourceforge.jp/wiki-e/?TomoyoLive ✴ TOMOYO is a registered trademark of NTT DATA CORPORATION
  • 3. Toshiharu Kentaro Tetsuo (project manager) (LSM version) (main architect) Project members
  • 4. Instructions ✴ During the presentation, I will ask a couple of questions to the guests. ✴ Guests have the plate and are expected to show us the answer.
  • 5. Instructions ✴ During the presentation, I will ask a couple of questions to the guests. ✴ Guests have the plate and are expected to show us the answer.
  • 6. Exercise • What’s your name? Andrew Morton Paul Moore James Morris
  • 7. Question • Have you ever heard of “TOMOYO Linux” I tried TOMOYO Linux and liked it Yes What is it?
  • 8. March 2003 ✴ Project launched at Kayabacho in Japan without ✴ kernel development experiences ✴ specific goal ✴ smart, experienced project manager
  • 9. When we started ✴ We didn’t know the words “mainline”, “upstream” and “OLS” ✴ We never thought of making our work to be merged in the Linux kernel ✴ But now mainline is our major concern
  • 10. There has been changes ✴ We met many people ✴ Some people told us, some suggested, some demanded ...
  • 11. April 2006 Meeting with Russell ✴ Russell Coker has visited Japan ✴ We showed him an early version TOMOYO Linux and received some comments ✴ He was the first person that suggested mainlining
  • 12. ✴ “Use the Linux auditing for event logging” ✴ “Use LSM interfaces. If you can entirely use LSM interfaces then TOMOYO can be a candidate for inclusion ...” ✴ “I suggest is to have equivalence classes (let’s call them domains).This means that “vi” and “emacs” will be considered to have identical security properties ...” ✴ We have done the above by now
  • 13. He wrote to me ✴ “If you mostly use LSM interfaces then you will save significant amount of work in terms of maintaining support for new kernels and also save development work for everyone who wants to use your system along with other patches.” ✴ Full statements with Japanese translation is found at http://lists.sourceforge.jp/mailman/ archives/tomoyo-users/2006-April/000062.html
  • 14. Dec. 8, 2006 ✴ Satoru Ueda of CELF (Consumer Electronics Linux Forum) asked me to demonstrate TOMOYO Linux at their technical meeting. ✴ http://tree.celinuxforum.org/CelfPubWiki/ JapanTechnicalJamboree12 ✴ I spoke to them, ✴ “please send requests/questions in Japanese” ✴ “please use TOMOYO Linux” ✴ And got ...
  • 15. Unexpected Comments ✴ They said ✴ “We want to use only in-tree modules” ✴ “Why don’t you try mainlining?” ✴ “Think global go out the world” ✴ “Try submitting ELC2007 (Embedded Linux Conference 2007)”
  • 16. Feb. 8, 2007 ✴ Hiro Yoshioka of Miracle Linux gently asked me to introduce TOMOYO Linux to a pretty famous Japanese community,YLUG (Yokohama Linux Users Group) ✴ I accepted as usual not knowing what would happen ...
  • 17. Feb. 8, 2007 ✴ Hiro Yoshioka of Miracle Linux gently asked me to introduce TOMOYO Linux to a pretty famous Japanese community,YLUG (Yokohama Linux Users Group) ✴ I accepted as usual not knowing what would happen ...
  • 18. Feb. 8, 2007 ✴ Hiro Yoshioka of Miracle Linux gently asked me to introduce TOMOYO Linux to a pretty famous Japanese community,YLUG (Yokohama Linux Users Group) ✴ I accepted as usual not knowing what would happen ... Hiro Yoshioka (YLUG)
  • 19. Feb. 8, 2007 ✴ Hiro Yoshioka of Miracle Linux gently asked me to introduce TOMOYO Linux to a pretty famous Japanese community,YLUG (Yokohama Linux Users Group) ✴ I accepted as usual not knowing what would happen ... Hiro Yoshioka (YLUG) Masahiro Itoh (BlueQuartz)
  • 20. Feb. 8, 2007 ✴ Hiro Yoshioka of Miracle Linux gently asked me to introduce TOMOYO Linux to a pretty famous Japanese community,YLUG (Yokohama Linux Users Group) ✴ I accepted as usual not knowing what would happen ... Hiro Yoshioka (YLUG) Masahiro Itoh (BlueQuartz) Hideaki Yoshifuji (Usagi)
  • 21. “We will fix you!” ✴ It was a meeting of the Hell ✴ They compelled us to try mainlining ✴ We were scolded and they told us to see the world ✴ They even demanded us to challenge OLS ✴ It was only 7 days to the deadline and I didn’t know what OLS was :-) huh!
  • 22. Evidence tells ... ✴ There is a movie. ✴ The 72th kernel reading party (92 min)
  • 23. March 2007 ✴ ELC2007 and OLS2007, both submissions were accepted despite of my expectations ✴ The beginning of the hard days
  • 24. We worked hard ✴ Jumped in the LKML AppArmor threads ✴ Started making new TOMOYO Linux patches that use LSM ✴ We wanted to post them to LKML before OLS2007
  • 25. Apr. 18, 2007 ELC2007! ✴ We had ✴ 2 sessions (presentation and tutorial) ✴ Not many people came to our session as expected, but ...
  • 26. There he was! (Jonathan Corbet attended our session)
  • 27. There he was! (Jonathan Corbet attended our session)
  • 28. Suggestions from the Heaven ✴ “Try making TOMOYO Linux to be merged” ✴ “Talk with AppArmor people” ✴ We were encouraged, very very deeply ✴ We’ve followed the above advices before OLS2007
  • 29. TOMOYO Linux LKML logs • We are maintaining a Wiki page to follow our postings. • http://tomoyo.sourceforge.jp/wiki-e/? WhatIs#mainlining • Each posting is linked to a corresponding LWN.net article.
  • 30. June 13, 2007 ✴ LKML debut of TOMOYO Linux ✴ We wrote URL to reduce the e-mail size ... ✴ Not in LKML standard coding style ... ✴ Tabs were not properly handled ... ✴ Full of failures
  • 31. Message from Mr. SELinux ✴ Stephen Smalley sent me a message ✴ “If you really want feedback or to get your code into the kernel, you need to do more than post a URL to the code - you need to break your code down into a number of patches and post them...” ✴ I appreciated his consideration
  • 32. Message from Japanese community ✴ from Goto-san @fujitsu ✴ “You should choose mm tree or rc as base of the patches” ✴ “Be careful to follow the LKML standard CodingStyle (checkpatch.pl might help)” ✴ “Use quilt” ✴ We didn’t understand those basic rules
  • 33. How to start • It’s simple, just give it a try • You don’t have to be perfect (as we were) • There are people who would help you • You just need to “go out” to be visible
  • 34. What You Need to Join the kernel development ✴ The source code of Linux ✴ Enormous documentations and genius tools are included as part of Linux ✴ Mail program that understands threads and ...
  • 35. What You Need to Join the kernel development ✴ The source code of Linux ✴ Enormous documentations and genius tools are included as part of Linux ✴ Mail program that understands threads and ... Courage
  • 36. Where to find the source? • Visit www.kernel.org • Browse LXR sites • http://tomoyo.sourceforge.jp/cgi-bin/ lxr/source • http://lxr.linux.no/ • Use Git (http://git.or.cz/)
  • 37. Jun. 29, 2007 Ottawa! (photo: just waiting for the time of our very first session at OLS)
  • 38. ✴ Stephen Smalley, Chris Wright, Joshua Brindle, Seth Arnold, Hadi Nahari and other secure-OS guys came to my session ✴ What a pleasure!
  • 39. AppArmor and SELinux guys began fighting
  • 40. AppArmor and SELinux guys began fighting
  • 41. AppArmor and SELinux guys began fighting I thought ...
  • 42. ... (>_<) why in my session ...
  • 43. Question • Do you recognize “(>_<)”? Yes Don’t know (tell me)
  • 44. Answer • (>_<) auch! • (^_^) happy • (T_T) sad (crying) • How about “orz”?
  • 45. anyway ... ✴ It was a really wonderful experience ✴ We met many people ✴ We found we were with community ✴ Unforgettable day ✴ I wrote a wiki page ✴ http://tomoyo.sourceforge.jp/wiki-e/? OLS2007-BOF
  • 46. OLS2007 The night of miracle ✴ Stephen spared his time to talk with US after the session!!! ✴ He suggested us TOMOYO Linux get married with SELinux or AppArmor
  • 47. OLS2007 The night of miracle ✴ Stephen spared his time to talk with US after the session!!! ✴ He suggested us TOMOYO Linux get married with SELinux or AppArmor
  • 48. Oct. 2, 2007 ✴ Linus suddenly appeared in SMACK thread and spoke out loud ✴ I’m tired of this “only my version is correct” crap. The whole and only point of LSM was to get away from that. ✴ Linus’ message sounded like a chance (sorry for James ...), so we rushed to prepare the 3rd posting
  • 49. “only my version is correct” crap? • Linus’ words raised me questions • I didn’t think SELinux people (or James) meant only SELinux was correct ... • Single solid security vs. choices
  • 50. Questions? • Should Linux have multiple choices for fundamental security mechanism? Yes No Other (let me say!)
  • 51. Oct. 11, 2007 Shock • We got 0 (zero) feedbacks for our 4th posting • This is sort of TOMOYO Linux project’s difficulties
  • 52. ✴ Positive feedbacks are always Good! ✴ Negative feedbacks and NACK are “Not BAD” ✴ No feedbacks is BAD
  • 53. Question • How can this (*no* feedbacks) happen? • What should we do when there is no feedbacks?
  • 54. Nov. 29, 2007 PacSec2007 Dragos in Tokyo http://sourceforge.jp/projects/tomoyo/document/PacSec2007-handout.pdf
  • 55. Dec. 25, 2007 Posted Security Goal ✴ Serge E. Hallyn has suggested to enhance ✴ TOMOYO provides no sort of information flow control ✴ TOMOYO is purely restrictive ✴ Learning mode is primary source of policy so you depend on change of behavior to detect intruders ✴ but any intruder who attempts to do something which the compromised software wouldn’t have done should be stopped and detected
  • 56. Feb. 24, 2008 FOSDEM’08 http://sourceforge.jp/projects/tomoyo/document/fosdem2008.pdf
  • 57. Apr. 14, 2008 TOMOYO on LWN.net http://lwn.net/Articles/277833/ What a nice surprise to see my project on LWN.net!
  • 58. Apr. 25, 2008 ELC2008 http://sourceforge.jp/projects/tomoyo/ document/elc2008.pdf
  • 59. TOMOYO threads posters top 10 (thanks!) 2007/06/13 2007/06/14 2007/08/24 2007/10/02 2007/10/11 2007/11/16 2007/12/25 2008/01/08 2008/01/09 2008/04/04 2008/05/01
  • 60. TOMOYO threads posters top 10 (thanks!) 2007/06/13 2007/06/14 2007/08/24 2007/10/02 2007/10/11 2007/11/16 2007/12/25 2008/01/08 2008/01/09 2008/04/04 2008/05/01
  • 61. TOMOYO threads posters top 10 (thanks!) 2007/06/13 2007/06/14 2007/08/24 2007/10/02 2007/10/11 2007/11/16 2007/12/25 2008/01/08 2008/01/09 2008/04/04 2008/05/01
  • 62. TOMOYO threads posters top 10 (thanks!) 2007/06/13 2007/06/14 2007/08/24 2007/10/02 2007/10/11 2007/11/16 2007/12/25 2008/01/08 2008/01/09 2008/04/04 2008/05/01
  • 63. Paul, James and ... • Are we missing someone? ... NO • HE has sent Tetsuo personal messages several times as well as Stephen • If you move, you will know there are people to help you
  • 65. Statistics FOSDEM2008 ELC2008 OLS2007 PacSec2007 ELC2007
  • 66. OLS2008? Statistics FOSDEM2008 ELC2008 OLS2007 PacSec2007 ELC2007
  • 67. Jul. 9, 2008 (today) Current Status ✴ We are still in the middle of our way ✴ It might take a month, a year or a decade, but we know we will never give up ✴ Merging TOMOYO Linux started as our mission, but now they are our personal goals ✴ We found joys in ourselves
  • 68. Question • Do you think TOMOYO will be merged someday? Send me the patches and I will merge them in my git tree Someday, maybe ... I don’t want to mention now
  • 69. When in doubt ✴ Don’t worry, you can ask “HIM”
  • 70. When in doubt ✴ Don’t worry, you can ask “HIM” _ ─ ─ ● ● | __ __ | / ∩ ⊃ ( | | . “ | |
  • 71. Question • Who is “HE”? don’t know “Me”
  • 72. HIM (page 13 of 14) http://www.celinux.org/elc08_presentations/morton-elc-08.ppt please read and find HIM
  • 73. HIM (page 13 of 14) http://www.celinux.org/elc08_presentations/morton-elc-08.ppt please read and find HIM
  • 74.
  • 75. _ ─ ─ ● ● | __ __ | “ i f t h e r e ʼs something in it for me”? / ∩ ⊃ ( | | . “ | |
  • 76. You can also ask ME • I think I am a kind of nice person • I will help you if I can • I have legs, too (not great, though) ImpressIT
  • 77. You can also ask ME • I think I am a kind of nice person • I will help you if I can • I have legs, too (not great, though) _ ─ ─ ● ● | __ __ | / ∩ ⊃ ( | | . “ | | ImpressIT
  • 78. Question • Will you help us Japanese developers? Yes No
  • 79. I came to find ✴ There were many people to help us ✴ We were not required the perfectness ✴ Every experiences are real treasures ... ✴ Go out and find your story and treasures
  • 80. Mainlining ✴ it’s not easy, but it’s not impossible, either ✴ painful sometimes, but not all time ✴ yes, we are enjoying the whole process even in the difficulties ✴ we can try because now we know it’s worth
  • 81. Mainlining ✴ it’s not easy, but it’s not impossible, either ✴ painful sometimes, but not all time ✴ yes, we are enjoying the whole process even in the difficulties ✴ we can try because now we know it’s worth It’s worth
  • 82. What you need • Read the documents, first (almost everything is already there) • Start to live within the LKML and subscribe LWN • Attend community events and meetings (they will not kill you)
  • 83. With a little help from my friend
  • 84. With a little help from my friend • http://elinux.org/TomoyoLinux • http://tomoyo.sourceforge.jp/ • http://sourceforge.jp/projects/tomoyo/ Thank you (^_^)/~ see you @ols2008