[PATCH] security/tomoyo: Prevent message flooding if no Tomoyo loader is present
Tetsuo Handa
penguin-kernel at I-love.SAKURA.ne.jp
Thu Jul 25 06:34:23 UTC 2024
Hello.
On 2024/07/25 14:42, Yafang Shao wrote:
> After upgrading our OS to Rocky Linux 9, we've noticed an abundance of
> Tomoyo-related messages in the dmesg output, specifically indicating that
> Mandatory Access Control is not being activated due to the absence of
> /sbin/tomoyo-init. These messages repeatedly appear as systemd periodically
> checks for Tomoyo, but since the loader does not exist, it triggers the
> messages, as follows,
TOMOYO requires zero modification of userspace programs (including systemd).
That is, systemd is not checking for TOMOYO periodically. It is some other
program that is executing /usr/lib/systemd/systemd (maybe as a container's
init program), and TOMOYO is checking for /sbin/tomoyo-init when
/usr/lib/systemd/systemd is executed.
> While disabling Tomoyo is a straightforward solution to prevent the message
> flooding, it's suboptimal as we're unsure if any system components rely on
> its functionality.
No userspace programs rely on TOMOYO's functionality (except TOMOYO's management
tools, including /sbin/tomoyo-init). It is safe to disable TOMOYO.
> A more elegant approach would be to modify the logging
> mechanism to use pr_info_once() instead of the default one, which would
> reduce the number of redundant messages without compromising the
> functionality of the system. This change would ensure that the necessary
> information is logged once, preventing the dmesg from being cluttered
> with repetitive messages.
The message your patch tries to limit typically appears when /usr/lib/systemd/systemd
is executed from initramfs, for /sbin/tomoyo-init is installed inside the / filesystem
which will be mounted by initramfs, and /sbin/tomoyo-init becomes ready to execute
when initramfs transfers its execution to /usr/lib/systemd/systemd within
the / filesystem.
Therefore, this message is intended as a debug message that tells administrators that
they might have forgotten to install TOMOYO's management tools. I didn't expect that
administrators would enable TOMOYO without installing TOMOYO's management tools.
> Signed-off-by: Yafang Shao <laoar.shao at gmail.com>
Thank you for the patch. But so far I don't think we need this change.