On Thu, Feb 28, 2019 at 11:20 AM Tetsuo Handa <[email protected]> wrote: > > On 2019/02/28 15:51, Dmitry Vyukov wrote: > > On Wed, Feb 27, 2019 at 11:37 PM Tetsuo Handa > >> > >> Thank you. The LSM stacking seems to be working as expected. > >> But this one should not be considered as a bug. > >> > >> If something went wrong before loading access control rules, > >> it is pointless to continue. Thus, stopping with kernel panic. > > > > Hi Tetsuo, > > > > What misconfiguration you mean? > > To use security modules, access control rules need to be loaded. Regarding > TOMOYO, access control rules can be loaded from the kernel itself (built-in) > and/or from /etc/tomoyo/ directory via /sbin/tomoyo-init (run-time). > > Since the kernel is built without built-in policy and /sbin/tomoyo-init does > not exist, memory allocation failure is handled as a fatal problem. > > But if syzbot cannot test other paths due to hitting this path, we need to > somehow > avoid panic(). Can you add tomoyo-tools package into your rootfs images? It is > explained at https://tomoyo.osdn.jp/2.6/chapter-3.html .
Is installing the package everything that needs to be done? It's not a standard package, right? What does it do? Frequently there is like 3 DVD's of some software, but everything that needs to be done is a single system call? What exactly from kernel perspective we need to do?
