[PATCH] tomoyo: Add a kernel config option for fuzzing testing.

Tetsuo Handa penguin-kernel at i-love.sakura.ne.jp
Tue Mar 12 20:56:30 UTC 2019


On 2019/03/13 3:21, James Morris wrote:
> On Thu, 28 Feb 2019, Tetsuo Handa wrote:
> 
>> syzbot is reporting a kernel panic triggered by memory allocation fault
>> injection before loading TOMOYO's policy [1]. To make the fuzzing tests
>> useful, we need to assign a profile other than "disabled" (no-op) mode.
>> Therefore, let's allow syzbot to load TOMOYO's built-in policy for
>> "learning" mode using a kernel config option. This option must not be
>> enabled for kernels built for production systems, for this option also
>> disables domain/program checks when modifying policy configuration via
>> /sys/kernel/security/tomoyo/ interface.
> 
> I don't understand the logic here. If the cause of this is no policy 
> loaded combined with running out of memory, shouldn't the no-policy issue 
> be dealt with earlier?
> 

This patch is for automatically loading a minimal policy at boot time
in order to address the no-policy issue. By applying this patch, syzbot
can test the TOMOYO module without modifying userspace to load TOMOYO's policy
when /sbin/init starts.


