[PATCH] security/tomoyo: Prevent message flooding if no Tomoyo loader is present

Tetsuo Handa penguin-kernel at I-love.SAKURA.ne.jp
Thu Jul 25 06:34:23 UTC 2024


Hello.

On 2024/07/25 14:42, Yafang Shao wrote:
> After upgrading our OS to Rocky Linux 9, we've noticed an abundance of
> Tomoyo-related messages in the dmesg output, specifically indicating that
> Mandatory Access Control is not being activated due to the absence of
> /sbin/tomoyo-init. These messages repeatedly appear as systemd periodically
> checks for Tomoyo, but since the loader does not exist, it triggers the
> messages, as follows,

TOMOYO requires zero modification of userspace programs (including systemd).
That is, systemd is not checking for TOMOYO periodically. It is some other
program that is executing /usr/lib/systemd/systemd (maybe as a container's
init program), and TOMOYO is checking for /sbin/tomoyo-init when
/usr/lib/systemd/systemd is executed.

> While disabling Tomoyo is a straightforward solution to prevent the message
> flooding, it's suboptimal as we're unsure if any system components rely on
> its functionality.

No userspace programs rely on TOMOYO's functionality (except TOMOYO's management
tools including /sbin/tomoyo-init). It is safe to disable TOMOYO.

>                    A more elegant approach would be to modify the logging
> mechanism to use pr_info_once() instead of the default one, which would
> reduce the number of redundant messages without compromising the
> functionality of the system. This change would ensure that the necessary
> information is logged once, preventing the dmesg from being cluttered
> with repetitive messages.

The message your patch tries to limit typically appears when /usr/lib/systemd/systemd
is executed from initramfs, for /sbin/tomoyo-init is installed inside the / filesystem
which will be mounted by initramfs, and /sbin/tomoyo-init becomes ready to execute
when initramfs transfers its execution to /usr/lib/systemd/systemd within
the / filesystem.

Therefore, this message is intended as a debug message that tells administrators that
they might have forgotten to install TOMOYO's management tools. I didn't expect that
administrators would enable TOMOYO without installing TOMOYO's management tools.

> Signed-off-by: Yafang Shao <laoar.shao at gmail.com>

Thank you for the patch. But so far I don't think we need this change.
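The reply above turns on two facts an administrator can verify directly: whether TOMOYO is one of the active LSMs, and whether the policy loader /sbin/tomoyo-init is installed on the root filesystem. The following shell check is an added example and is not part of the thread or of TOMOYO's own tooling. It assumes that /sys/kernel/security/lsm (securityfs) exposes the comma-separated list of active LSMs and that the loader path is /sbin/tomoyo-init as named in the thread; both are passed as parameters so the function can also be run against constructed files.

```shell
#!/bin/sh
# Added example (not from the thread): classify the TOMOYO activation state
# from two facts: is "tomoyo" among the active LSMs, and does the policy
# loader exist and is it executable.
#
# Assumptions: /sys/kernel/security/lsm lists active LSMs, comma-separated
# (securityfs must be mounted); the loader path is /sbin/tomoyo-init.
# Both are parameters so the check can run against constructed input.

# tomoyo_state LSM_LIST_FILE LOADER_PATH
# Prints one of: unknown | inactive | active-with-loader | active-without-loader
# Returns 0 only for active-with-loader, so it can be used as a health check.
tomoyo_state() {
    lsm_file=$1
    loader=$2
    if [ ! -r "$lsm_file" ]; then
        echo "unknown"
        return 3
    fi
    # Match "tomoyo" as a whole comma-separated field, not as a substring.
    if ! tr ',' '\n' < "$lsm_file" | grep -qx tomoyo; then
        echo "inactive"
        return 2
    fi
    if [ -x "$loader" ]; then
        echo "active-with-loader"
        return 0
    fi
    echo "active-without-loader"
    return 1
}

# Stand-alone run against the live system: sh this_script.sh --live
if [ "${1:-}" = "--live" ]; then
    case "$(tomoyo_state /sys/kernel/security/lsm /sbin/tomoyo-init)" in
        active-without-loader)
            echo "TOMOYO is enabled but /sbin/tomoyo-init is missing:" \
                 "install TOMOYO's management tools, or leave tomoyo out of the lsm= list" ;;
        active-with-loader)
            echo "TOMOYO is enabled and the loader is present" ;;
        inactive)
            echo "TOMOYO is not an active LSM" ;;
        *)
            echo "cannot read the LSM list (is securityfs mounted?)" ;;
    esac
fi
```

Run it with `--live` on the affected host; an `active-without-loader` result is exactly the state the quoted message reports, and the remedy is the one the reply gives: install the management tools or disable TOMOYO.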