[PATCH] tomoyo: Add a kernel config option for fuzzing testing.
jmorris at namei.org
Tue Mar 12 18:21:52 UTC 2019
On Thu, 28 Feb 2019, Tetsuo Handa wrote:
> syzbot is reporting kernel panic triggered by memory allocation fault
> injection before loading TOMOYO's policy . To make the fuzzing tests
> useful, we need to assign a profile other than "disabled" (no-op) mode.
> Therefore, let's allow syzbot to load TOMOYO's built-in policy for
> "learning" mode using a kernel config option. This option must not be
> enabled for kernels built for production system, for this option also
> disables domain/program checks when modifying policy configuration via
> /sys/kernel/security/tomoyo/ interface.
I don't understand the logic here. If the cause of this is no policy
loaded combined with running out of memory, shouldn't the no-policy issue
be dealt with earlier?
<jmorris at namei.org>
More information about the Linux-security-module-archive