Hello. Thank you for trying TOMOYO.
On 2018/08/19 1:22, Jose Jurado wrote:
> Tomoyo 2.5.0 was installed in Calculate Linux, a Gentoo distro using OpenRC
> as init.
> On reboot, as root, the policy editor can be run by executing:
> # /usr/sbin/tomoyo-editpolicy /etc/tomoyo/
> However, next, I get the following response with the policy editor in this
> fashion:
> # /usr/sbin/tomoyo-editpolicy
> Please mount securityfs on /sys/kernel/security/ .

This message is printed when tomoyo-editpolicy failed to mount securityfs on
/sys/kernel/security/ . Most likely cause is that sysfs is not yet mounted on
/sys/ because sysfs should provide kernel/security/ directory.

> You can't use this editor for this kernel.

This message is printed when tomoyo-editpolicy failed to find
/sys/kernel/security/tomoyo/ directory. Most likely cause is that securityfs
is not yet mounted on /sys/kernel/security/ .

> Several types of attempts were made to mount securityfs, but then it was
> apparent that /sys/kernel/security does not exist:
> # mount -t securityfs securityfs /sys/kernel/security
> mount: /sys/kernel/security: mount point does not exist

This message suggests that sysfs is not yet mounted on /sys/ .

I have never tried Calculate Linux. But unless tomoyo-editpolicy is executed
from a different namespace where /sys/ directory does not exist,
/sbin/tomoyo-init should have already mounted sysfs on /sys/ .

There are two possibilities:

(1) /sys/ directory does not exist in a namespace where tomoyo-editpolicy
    is attempted.

    Please check what "ls -l /sys/kernel/" says. The output should include
    security/ directory if sysfs was already mounted on /sys/ .

(2) /sbin/tomoyo-init was not yet executed on reboot.

    Most likely cause is that CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER is
    not correct for your environment.

    Please check what "dmesg | grep -i tomoyo" says. If /sbin/tomoyo-init was
    executed correctly, the output should include lines like

      [ 0.012652] TOMOYO Linux initialized
      [ 2.661662] Calling /sbin/tomoyo-init to load policy. Please wait.
      [ 2.726489] TOMOYO: 2.5.0

    If you can't find such lines, you can try TOMOYO_trigger= parameter for
    specifying different triggers. According to a Wiki page, OpenRC uses
    init=/usr/bin/openrc-init or init=/usr/bin/init-openrc instead of
    init=/sbin/init or init=/usr/libs/systemd/systemd .

Regards.
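
The checks described in this reply, combined into one script as an added example (not part of the original message and not TOMOYO project code). The function names and state labels are hypothetical; the root directory and mounts file are parameters so the logic can be run against a constructed tree as well as a live system.

```shell
#!/bin/sh
# Added example: classify why tomoyo-editpolicy cannot reach the TOMOYO
# interface, following the order of checks in the reply above.

# tomoyo_state ROOT MOUNTS_FILE
# Prints one of: no-sysfs, no-securityfs, no-tomoyo-dir, ok.
tomoyo_state() {
    root=${1%/}      # "/" becomes "", so paths below stay absolute
    mounts=$2        # /proc/mounts on a live system

    # sysfs provides kernel/security/; without it the mount point is absent
    # ("mount point does not exist" in the original report).
    if [ ! -d "$root/sys/kernel/security" ]; then
        echo no-sysfs; return 0
    fi
    # Fields in /proc/mounts: device mountpoint fstype options dump pass
    if ! awk '$2 == "/sys/kernel/security" && $3 == "securityfs" { found = 1 }
              END { exit !found }' "$mounts" 2>/dev/null; then
        echo no-securityfs; return 0
    fi
    # securityfs is mounted but TOMOYO did not register its directory.
    if [ ! -d "$root/sys/kernel/security/tomoyo" ]; then
        echo no-tomoyo-dir; return 0
    fi
    echo ok
}

# tomoyo_boot_state < kernel-log-text
# Prints one of: loader-called, loader-not-called, no-tomoyo-lines.
tomoyo_boot_state() {
    log=$(cat)
    case $log in
        *"Calling /sbin/tomoyo-init to load policy"*)
            echo loader-called ;;
        *"TOMOYO Linux initialized"*)
            # Kernel side is up, but the activation trigger never matched.
            echo loader-not-called ;;
        *)
            echo no-tomoyo-lines ;;
    esac
}

# Live use: sh tomoyo-diag.sh --live   (dmesg may require root)
if [ "${1:-}" = "--live" ]; then
    tomoyo_state / /proc/mounts
    dmesg | tomoyo_boot_state
fi
```

A result of loader-not-called corresponds to possibility (2) in the reply; no-sysfs corresponds to possibility (1).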