On 08/13/2017 05:41 PM, Tetsuo Handa - penguin-ker...@i-love.sakura.ne.jp wrote:
> stank.k...@xoxy.net wrote:
>> > Are there messages like
>> >
>> > <kernel> /usr/sbin/sshd /usr/bin/bash /usr/sbin/tomoyo-editpolicy ( /usr/sbin/tomoyo-editpolicy ) is not permitted to update policies.
>> >
>> > in output of dmesg command? If yes, programs for updating on-memory policies are not listed in
>> > /sys/kernel/security/tomoyo/manager . Please make sure that you executed /usr/lib/tomoyo/init_policy .
>>
>> Yes, I see "<kernel> /usr/bin/agetty /usr/bin/login /usr/bin/bash
>> /usr/bin/tomoyo-editpolicy ( /usr/bin/tomoyo-editpolicy ) is not
>> permitted to update policies." I thought I had run
>> /usr/lib/tomoyo/init_policy , but I may have forgotten this second time.
>> I had to remove tomoyo and its files and reinstall because something I
>> did (I don't know what; I wasn't able to edit the policies the first
>> time, either), caused a kernel panic when starting X with tomoyo running.
>>
>> I ran # /usr/lib/tomoyo/init_policy and still am not able to edit the
>> policies (same output in dmesg).
>>
> OK. So, /etc/tomoyo/manager.conf is expected to be loaded into
> /sys/kernel/security/tomoyo/manager when /sbin/init starts upon boot, but
> for some reason it is not loaded yet. Well, for Arch Linux, it might be
> systemd rather than init .
>
> Did you reboot the system after you executed /usr/lib/tomoyo/init_policy
> so that /sbin/tomoyo-init will load /etc/tomoyo/manager.conf into
> /sys/kernel/security/tomoyo/manager when /sbin/init starts upon boot?
>
> After rebooting, is /sys/kernel/security/tomoyo/manager still empty?

Both /sys/kernel/security/tomoyo/manager and /etc/tomoyo/manager.conf are empty after running /usr/lib/tomoyo/init_policy and rebooting. (/etc/tomoyo/manager.conf is empty immediately after running init_policy. No relevant output is in dmesg.)
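
An added example, not part of the original thread or of the TOMOYO tools: a shell check that pulls the denied program out of the dmesg message quoted above and reports whether a manager list covers it, including the empty-list case this thread ends on. The function names, the sample timestamp, and the assumption that each manager line is either a bare program path or a full domain name are assumptions of this example.

```shell
#!/bin/sh
# Added example: match TOMOYO "is not permitted to update policies" denials
# against a manager list. Inputs are plain files so the logic runs offline; on
# a live system feed it saved dmesg output and a copy of
# /sys/kernel/security/tomoyo/manager.

# Print "<executable><TAB><domain>" for each denial line in file $1.
# Line shape, as quoted in the thread:
#   <kernel> /a /b /prog ( /prog ) is not permitted to update policies.
denied_updaters() {
    awk '
        / is not permitted to update policies\.$/ {
            s = index($0, "<kernel>")
            o = index($0, " ( ")
            c = index($0, " ) is not permitted")
            if (!s || !o || c < o) next
            print substr($0, o + 3, c - o - 3) "\t" substr($0, s, o - s)
        }' "$1" | sort -u
}

# Print denied executables that manager list $2 does not cover.
# Assumption: a manager line is a program path or a full domain name.
# The list is read in BEGIN so that an empty or missing file is handled
# correctly (every denial is then reported as unlisted).
unlisted_updaters() {
    denied_updaters "$1" | awk -F '\t' -v mgr="$2" '
        BEGIN { while ((getline line < mgr) > 0) if (line != "") listed[line] = 1 }
        !($1 in listed) && !($2 in listed) { print $1 }
    ' | sort -u
}

# Constructed sample: the denial from the thread (timestamp invented) checked
# against an empty manager list.
sample=$(mktemp) && empty=$(mktemp)
cat > "$sample" <<'EOF'
[   12.345678] <kernel> /usr/bin/agetty /usr/bin/login /usr/bin/bash /usr/bin/tomoyo-editpolicy ( /usr/bin/tomoyo-editpolicy ) is not permitted to update policies.
EOF
unlisted_updaters "$sample" "$empty"   # prints /usr/bin/tomoyo-editpolicy
rm -f "$sample" "$empty"
```
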