Thank you very much. I changed the init=/linuxrc to
init=/sbin/akari-init of my embedded device and create the directoty
/proc/modules.
When i started the system, the output is:
...
IP-Config: Complete:
device=eth0, addr=192.168.1.133, mask=255.255.255.0, gw=192.168.1.1,
host=192.168.1.133, domain=, nis-domain=(none),
bootserver=192.168.1.155, rootserver=192.168.1.155, rootpath=
Freeing init memory: 1412K
1Wire touchscreen OK
security_ops=c0799ca4
find_task_by_vpid=c019be10
find_task_by_pid_ns=c019bdfc
__d_path=c01f6664
AKARI: 1.0.27 2012/05/05
Access Keeping And Regulating Instrument registered.
Not activating Mandatory Access Control now since /sbin/tomoyo-init
doesn't exist.
Calling /sbin/ccs-init to load policy. Please wait.
1 domain. 0 ACL entry.
5 KB used by policy.
CCSecurity: 1.8.3+ 2012/05/05
Mandatory Access Control activated.
...
It's ok. Thanks again.
2012/6/26 Tetsuo Handa <from-tomoyo-dev...@i-love.sakura.ne.jp>:
> casinee app wrote:
>> #insmod akari.ko
>> The output is:
>> one_wire_status: 4
>> security_ops=c0799ca4
>> find_task_by_vpid=c019be10
>> find_task_by_pid_ns=c019bdfc
>> __d_path=c01f6664
>> AKARI: 1.0.27 2012/05/05
>> Access Keeping And Regulating Instrument registered.
>>
>> Is this correct???
>
> Yes, this is correct.
> (I assume you loaded akari.ko into your embedded device's kernel.)
>
>> After the kernel module, i compiled the usrspace tools
>> ccs-tools-1.8.3-20120414.tar.gz.
>> When i executed the command:
>> # /usr/lib/ccs/init_policy --module_name=akari
>> it work correctly, the output is:
>> Creating policy directory... OK
>> Creating configuration directory... OK
>> Creating exception policy... OK
>> Creating domain policy... OK
>> Creating manager policy... OK
>> Creating default profile... OK
>> Creating stat policy... OK
>> Creating module loader... OK
>> Creating configuration file for ccs-editpolicy ... OK
>> Creating configuration file for ccs-auditd ... OK
>> Creating configuration file for ccs-patternize ... OK
>> Creating configuration file for ccs-notifyd ... OK
>>
>> But when i use the ccs-editpolicy, there always is only the <kernel>
>> domain. Does the AKARI is not work correctly?
>
> AKARI is working correctly, but AKARI is not yet activated.
>
> Regarding TOMOYO 1.x, since policy loader code (load_policy.c) is embedded
> into
> the vmlinux, the kernel can automatically call /sbin/ccs-init and activate
> TOMOYO 1.x when /sbin/init starts.
>
> But regarding AKARI, policy loader code is not embedded into the vmlinux.
> Since it is impossible to tell the kernel that "the kernel should call
> /sbin/ccs-init and activate AKARI when /sbin/init starts" until loading
> akari.ko module, AKARI needs init=/sbin/ccs-init boot parameter.
>
> The reason you see only the <kernel> domain is that AKARI is not yet activated
> because /sbin/ccs-init (or /sbin/akari-init) is not yet called when /sbin/init
> starts. Until AKARI is activated, domain transition is suppressed by default.
>
> Try loading akari.ko when /sbin/init on your embedded device starts,
> by passing init=/sbin/akari-init . /sbin/akari-init would look something like
>
> #! /bin/sh
> /sbin/modprobe akari && exec /sbin/init "$@"
>
> .
>
> _______________________________________________
> tomoyo-dev-en mailing list
> tomoyo-dev-en@lists.sourceforge.jp
> http://lists.sourceforge.jp/mailman/listinfo/tomoyo-dev-en
_______________________________________________
tomoyo-dev-en mailing list
tomoyo-dev-en@lists.sourceforge.jp
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-dev-en
