Hello.

On 2022/06/10 7:43, Andre T wrote:
> However on the other PC (referring to it as *PC2*), tomoyo will apparently
> not load policies. This regardless of whatever I try. And I've now basically
> run out of thoughts as to what might be wrong and how to troubleshoot it any
> further.

I think that TOMOYO is not activated on PC2.

>  * Tomoyo is reporting itself as being initialized and running on both
>    through
>      o dmesg | grep -A 1 -B 1 TOMOYO
>      o cat /sys/kernel/security/lsm
>      o grep tomoyo_write_inet_network /proc/kallsyms

These checks can tell you that TOMOYO is available in the kernel,
but cannot tell you that TOMOYO was activated in the kernel.

When TOMOYO is loaded,

  TOMOYO Linux initialized

will appear in the dmesg output.

When TOMOYO is activated,

  Calling /sbin/tomoyo-init to load policy. Please wait.
  TOMOYO: 2.6.0
  Mandatory Access Control activated.

will appear in the dmesg output.

/sbin/tomoyo-init (which is specified using CONFIG_SECURITY_TOMOYO_POLICY_LOADER
from the kernel config file, and can be overridden using TOMOYO_loader= from
the kernel command line) loads policy from the /etc/tomoyo/ directory.
If /sbin/tomoyo-init does not exist,

  Not activating Mandatory Access Control as /sbin/tomoyo-init does not exist.

will appear in the dmesg output (and TOMOYO will not be activated).

/sbin/tomoyo-init is called when /sbin/init (which is specified using
CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER from the kernel config file, and
can be overridden using TOMOYO_trigger= from the kernel command line) is executed.

> Hoping someone might have some ideas or clues as to what is going on with PC2,
> even if just things that might theoretically be the cause of the issue.

For some reason a program to activate TOMOYO is not called on PC2.
Please check that /sbin/tomoyo-init exists and can be manually executed from
a shell on PC2. Then, please check that either

  Calling /sbin/tomoyo-init to load policy. Please wait.

or

  Not activating Mandatory Access Control as /sbin/tomoyo-init does not exist.

appears in the dmesg output when you reboot PC2.

> I'm happy to provide any further info that might help identifying the causes.

Providing output of

  dmesg | grep -i tomoyo

will tell us the above.

Regards.
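
The dmesg checks described in the reply above, as an added example (not part of the original message or of the TOMOYO tools): a shell function that classifies kernel log text by the messages quoted in the reply. The state names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify TOMOYO state from kernel log text read on stdin.
# Message strings are the ones quoted in the reply; the state names are
# made up for this sketch. The loader path is matched with a wildcard
# because TOMOYO_loader= can override /sbin/tomoyo-init.
tomoyo_state() {
    log=$(cat)
    case "$log" in
        *"Mandatory Access Control activated."*)
            echo activated ;;        # loader ran and MAC is active
        *"Not activating Mandatory Access Control as "*" does not exist."*)
            echo loader-missing ;;   # loader binary was not found
        *"Calling "*" to load policy. Please wait."*)
            echo loader-called ;;    # loader started, no activation line seen
        *"TOMOYO Linux initialized"*)
            echo loaded-only ;;      # initialized, loader never called
        *)
            echo not-loaded ;;       # no TOMOYO message in the log at all
    esac
}

# Constructed sample logs (timestamps and surrounding lines are invented).
SAMPLE_LOADED_ONLY='[    0.004000] LSM: Security Framework initializing
[    0.004100] TOMOYO Linux initialized'
SAMPLE_MISSING='[    0.004100] TOMOYO Linux initialized
[    1.900000] Not activating Mandatory Access Control as /sbin/tomoyo-init does not exist.'
SAMPLE_ACTIVATED='[    0.004100] TOMOYO Linux initialized
[    1.900000] Calling /sbin/tomoyo-init to load policy. Please wait.
[    2.100000] TOMOYO: 2.6.0
[    2.100100] Mandatory Access Control activated.'

# Print the state for each constructed sample.
for sample in "$SAMPLE_LOADED_ONLY" "$SAMPLE_MISSING" "$SAMPLE_ACTIVATED"; do
    printf '%s\n' "$sample" | tomoyo_state
done
```

On a live system, feed it the kernel log with `dmesg | tomoyo_state`; a result of `loaded-only` corresponds to the case where TOMOYO is available but was never activated.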
