A problem was found in TOMOYO (1.8.0 to 1.8.0p2) and AKARI (1.0 to 1.0.7). If read buffer supplied when reading /proc/ccs/audit or /proc/ccs/query is smaller than the size of a log entry (e.g. "dd if=/proc/ccs/audit bs=1"), the kernel might fall into infinite loop that continues returning already read out logs.
If supplied buffer is large enough (e.g. "dd if=/proc/ccs/audit bs=10485760"), there is no problem. Since /usr/sbin/ccs-auditd and /usr/sbin/ccs-queryd use large buffer, you unlikely encounter this problem. But you likely encounter this problem if you do "/bin/cat /proc/ccs/audit". Please update to TOMOYO 1.8.0p3 ( ccs-patch-1.8.0-20110207.tar.gz ) or AKARI 1.0.8 ( akari-1.0.8-20110207.tar.gz ). By the way, Debian Squeeze was released. Debian Squeeze uses kernel 2.6.32 with TOMOYO 2.2 enabled. Thus, you can use TOMOYO 2.2 by installing userland tools (i.e. run "sudo apt-get install tomoyo-tools") and adding "security=tomoyo" to the bootloader's command line (i.e. edit /etc/default/grub and run update-grub ) and rebooting the system. But if you want to use full functionality provided by TOMOYO 1.8, you can use a build script for Squeeze's 2.6.32-5-686 kernel included in above tarball. If you want to use more functionality than TOMOYO 2.x but you don't want to replace kernel package, you can try AKARI. AKARI can run on all 2.6 kernels built with LSM support, although tested on only x86_32 and x86_64. http://sourceforge.jp/projects/tomoyo/lists/archive/users-en/2010-October/000219.html Regards. _______________________________________________ tomoyo-users-en mailing list [email protected] http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en
