[PATCH] tomoyo: Add a kernel config option for fuzzing testing.
Tetsuo Handa
penguin-kernel at i-love.sakura.ne.jp
Mon Mar 4 23:59:19 UTC 2019
Stephen Smalley wrote:
> On 3/4/19 8:35 AM, Tetsuo Handa wrote:
> > James, please include this patch for 5.1-rc1, for failing to include
> > this patch will prevent various trees (SELinux/Smack/AppArmor) from
> > proper testing due to this problem because syzbot is enabling both
> > TOMOYO and one of SELinux/Smack/AppArmor via lsm= boot parameter.
> >
> > By including this patch and building kernels with this config option
> > enabled, syzbot will be able to continue proper testing.
>
> Could you clarify the status of upstream TOMOYO? Is its MAINTAINERS
> entry still accurate? Is it still actively maintained?
Mainly bugfixes and Q&A phase like
https://osdn.net/projects/tomoyo/lists/archive/users-en/2017-July/000685.html .
Now that TOMOYO can coexist with one of SELinux/Smack/AppArmor, TOMOYO users
can borrow ready-made rules from them and utilize TOMOYO's ability to generate
custom-made rules for things like
https://tomoyo.osdn.jp/1.8/ssh-protection-using-environment.html .
> Its existing
> documentation (in-tree and the tomoyo.osdn.jp site) seem to suggest that
> using the pre-LSM version and/or AKARI are preferred to using the
> upstream version. Is that still true, and do you envision it changing?
I guess that majority of TOMOYO users are now using the upstream version. But
pre-LSM version and/or AKARI will remain there until LKM-based LSMs becomes
officially supported, for e.g. Fedora/RHEL users will need to use AKARI because
TOMOYO is not available ( https://bugzilla.redhat.com/show_bug.cgi?id=542986 ).
More information about the Linux-security-module-archive
mailing list