[PATCH] tomoyo: Add a kernel config option for fuzzing testing.
jmorris at namei.org
Tue Mar 12 21:24:00 UTC 2019
On Wed, 13 Mar 2019, Tetsuo Handa wrote:
> > I don't understand the logic here. If the cause of this is no policy
> > loaded combined with running out of memory, shouldn't the no-policy issue
> > be dealt with earlier?
> This patch is for automatically loading minimal policy at boot time
> in order to address the no-policy issue. By applying this patch, syzbot
> can test TOMOYO module without modifying userspace to load TOMOYO's policy
> when /sbin/init starts.
If syzbot is trying to test Tomoyo and this requires policy to be loaded,
shouldn't it do that?
And again, I think the no-policy situation needs to be detected before
you start trying to apply memory policies to running processes. Surely
there is some much earlier point during initialization that you will
detect that there is no policy?
<jmorris at namei.org>
More information about the Linux-security-module-archive