[PATCH] tomoyo: Add a kernel config option for fuzzing testing.

Tetsuo Handa penguin-kernel at i-love.sakura.ne.jp
Mon Mar 4 23:59:19 UTC 2019


Stephen Smalley wrote:
> On 3/4/19 8:35 AM, Tetsuo Handa wrote:
> > James, please include this patch for 5.1-rc1, for failing to include
> > this patch will prevent various trees (SELinux/Smack/AppArmor) from
> > proper testing due to this problem because syzbot is enabling both
> > TOMOYO and one of SELinux/Smack/AppArmor via lsm= boot parameter.
> > 
> > By including this patch and building kernels with this config option
> > enabled, syzbot will be able to continue proper testing.
> 
> Could you clarify the status of upstream TOMOYO?  Is its MAINTAINERS 
> entry still accurate?  Is it still actively maintained?

Mainly bugfixes and Q&A phase like
https://osdn.net/projects/tomoyo/lists/archive/users-en/2017-July/000685.html .

Now that TOMOYO can coexist with one of SELinux/Smack/AppArmor, TOMOYO users
can borrow ready-made rules from them and utilize TOMOYO's ability to generate
custom-made rules for things like
https://tomoyo.osdn.jp/1.8/ssh-protection-using-environment.html .

>                                                          Its existing 
> documentation (in-tree and the tomoyo.osdn.jp site) seem to suggest that 
> using the pre-LSM version and/or AKARI are preferred to using the 
> upstream version. Is that still true, and do you envision it changing?

I guess that the majority of TOMOYO users are now using the upstream version. But
the pre-LSM version and/or AKARI will remain there until LKM-based LSMs become
officially supported, for e.g. Fedora/RHEL users will need to use AKARI because
TOMOYO is not available ( https://bugzilla.redhat.com/show_bug.cgi?id=542986 ).


