kernel panic: MAC Initialization failed.
Dmitry Vyukov
dvyukov at google.com
Thu Feb 28 10:23:42 UTC 2019
On Thu, Feb 28, 2019 at 11:20 AM Tetsuo Handa
<penguin-kernel at i-love.sakura.ne.jp> wrote:
>
> On 2019/02/28 15:51, Dmitry Vyukov wrote:
> > On Wed, Feb 27, 2019 at 11:37 PM Tetsuo Handa
> >>
> >> Thank you. The LSM stacking seems to be working as expected.
> >> But this one should not be considered as a bug.
> >>
> >> If something went wrong before loading access control rules,
> >> it is pointless to continue. Thus, stopping with kernel panic.
> >
> > Hi Tetsuo,
> >
> > What misconfiguration you mean?
>
> To use security modules, access control rules need to be loaded. Regarding
> TOMOYO, access control rules can be loaded from the kernel itself (built-in)
> and/or from /etc/tomoyo/ directory via /sbin/tomoyo-init (run-time).
>
> Since the kernel is built without built-in policy and /sbin/tomoyo-init does
> not exist, memory allocation failure is handled as a fatal problem.
>
> But if syzbot cannot test other paths due to hitting this path, we need to somehow
> avoid panic(). Can you add tomoyo-tools package into your rootfs images? It is
> explained at https://tomoyo.osdn.jp/2.6/chapter-3.html .
Is installing the package everything that needs to be done? It's not a
standard package, right?
What does it do? Frequently there is like 3 DVD's of some software,
but everything that needs to be done is a single system call? What
exactly from kernel perspective we need to do?
More information about the Linux-security-module-archive
mailing list