I've recently started using tomoyo on two quite similar systems.
On one of the PCs (referring to it as *PC1*) it appears to all be
running fine and as expected.
However, on the other PC (referring to it as *PC2*), tomoyo will
apparently not load policies. This is regardless of whatever I try. And
I've now basically run out of thoughts as to what might be wrong and how
to troubleshoot it any further.
* Both PCs are running 64-bit Arch Linux and are using the current
  kernel, 5.18.1-arch1-1, as confirmed through uname -r
* Both are using the 'tomoyo-tools' AUR packages, following the
  instructions on
  https://wiki.archlinux.org/title/TOMOYO_Linux#TOMOYO_Linux_2.x
* Both boot from GRUB to ext4 root filesystems with
  lsm=landlock,lockdown,yama,tomoyo,bpf set identically through
  /etc/default/grub
    o GRUB_CMDLINE_LINUX_DEFAULT="lsm=landlock,lockdown,yama,tomoyo,bpf"
* Tomoyo is reporting itself as being initialized and running on both
  through
    o dmesg | grep -A 1 -B 1 TOMOYO
    o cat /sys/kernel/security/lsm
    o grep tomoyo_write_inet_network /proc/kallsyms
* PC1 is an AMD ryzen7 platform while PC2 is an Intel platform
* PC2 gets used via SSH and is headless, PC1 via graphical
desktop/terminal
If I make alterations to files in /etc/tomoyo/*, the changes will
reflect fine and as expected on PC1. Though on PC2 not even the defaults
as set by /usr/lib/tomoyo/init_policy get imitated upon its booting,
and the settings stay on disk only. PC2 appears to only have tomoyo
function should I manually use tomoyo-loadpolicy. PC2 will apparently
ignore anything set in/from that folder, and will for some reason always
boot to an empty '0: 0 <kernel>' domains listing with nothing else
getting listed, as well as having nothing for profile except
0: PROFILE_VERSION=20150505 and only two lines in the exception policy,
being:
    0: initialize_domain /sbin/hotplug from any
    1: initialize_domain /sbin/modprobe from any
Hoping someone might have some ideas or clues as to what is going on with
PC2, even if just things that might theoretically be the cause of the issue.
I'm happy to provide any further info that might help identifying the
causes.
Skål! 🍺
_______________________________________________
tomoyo-users-en mailing list
tomoyo-users-en@lists.osdn.me
https://lists.osdn.me/mailman/listinfo/tomoyo-users-en
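
The checks listed in the post, gathered into one snapshot that can be run on PC1 and PC2 and diffed; this is an added example, not part of the original message. The function names are hypothetical, and the file names under /sys/kernel/security/tomoyo (domain_policy, profile, exception_policy) are an assumption about the TOMOYO 2.x securityfs layout rather than something the post states.

```shell
#!/bin/sh
# Added example: snapshot the TOMOYO state the post describes so two hosts can be diffed.
# Assumption: securityfs is mounted at /sys/kernel/security (path taken from the post).
SECFS=${SECFS:-/sys/kernel/security}

# lsm_has_tomoyo "landlock,lockdown,yama,tomoyo,bpf" -> exit 0 if tomoyo is listed
lsm_has_tomoyo() {
    case ",$1," in *,tomoyo,*) return 0 ;; *) return 1 ;; esac
}

# count_domains: number of domains in a domain_policy dump read from stdin
count_domains() {
    grep -c '^<kernel>' || true
}

# profile_is_default: stdin is a profile dump; exit 0 when, blank lines aside,
# it holds nothing but the PROFILE_VERSION line
profile_is_default() {
    ! grep -v '^[[:space:]]*$' | grep -qv '^PROFILE_VERSION='
}

# policy_state DIR: print "unloaded" when DIR looks like PC2 in the post
# (only the <kernel> domain, profile holding just PROFILE_VERSION), else "loaded"
policy_state() {
    domains=$(count_domains < "$1/domain_policy")
    if [ "$domains" -le 1 ] && profile_is_default < "$1/profile"; then
        echo unloaded
    else
        echo loaded
    fi
}

# snapshot: print one line per fact; reading the tomoyo files needs root
snapshot() {
    echo "kernel: $(uname -r)"
    echo "cmdline: $(cat /proc/cmdline)"
    echo "lsm: $(cat "$SECFS/lsm")"
    if lsm_has_tomoyo "$(cat "$SECFS/lsm")"; then echo "tomoyo: active"; fi
    echo "policy: $(policy_state "$SECFS/tomoyo")"
    echo "exception_policy lines: $(wc -l < "$SECFS/tomoyo/exception_policy")"
}

if [ "${1:-}" = "--snapshot" ]; then snapshot; fi
```

Run it with --snapshot as root on each host and diff the two outputs.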