Hello,
I have been trying to find out why my TOMOYO installation has broken itself.
It was running, locking down just the Apache service. I rebooted my server
for some maintenance and it failed to come back up. I logged into the
console and it was waiting at boot for a TOMOYO profile. I typed "disable",
if I recall correctly, and it booted. I then ran tomoyo-editpolicy
and Apache was back to profile 1. When I tried to adjust it to profile 3,
it just stayed on 1.
A bit of investigation shows that the kernel doesn't know about profiles 2
& 3.
How do I go about resolving this?
Thanks
Cam
INFO:
Linux www.cam.com 2.6.32-5-amd64 #1 SMP Thu Mar 22 17:26:33 UTC 2012 x86_64 GNU/Linux
root@www:~# cat /boot/grub/menu.lst
===== SNIP =====
kernel /boot/vmlinuz-2.6.32-5-amd64 root=/dev/xvda1 ro security=tomoyo
initrd /boot/initrd.img-2.6.32-5-amd64
====== SNIP =====
root@www:~# cat /sys/kernel/security/tomoyo/manager
/usr/sbin/tomoyo-loadpolicy
/usr/sbin/tomoyo-editpolicy
/usr/sbin/tomoyo-setlevel
/usr/sbin/tomoyo-setprofile
/usr/sbin/tomoyo-ld-watch
root@www:~# cat /sys/kernel/security/tomoyo/profile
0-COMMENT=disabled
0-MAC_FOR_FILE=disabled
0-MAX_ACCEPT_ENTRY=0
0-TOMOYO_VERBOSE=disabled
1-COMMENT=disabled
1-MAC_FOR_FILE=disabled
1-MAX_ACCEPT_ENTRY=0
1-TOMOYO_VERBOSE=disabled
2-COMMENT=
2-MAC_FOR_FILE=disabled
2-MAX_ACCEPT_ENTRY=2048
2-TOMOYO_VERBOSE=enabled
root@www:~# cat /etc/tomoyo/profile.conf
0-COMMENT=-----Disabled Mode-----
0-MAC_FOR_FILE=disabled
0-TOMOYO_VERBOSE=disabled
1-COMMENT=-----Learning Mode-----
1-MAC_FOR_FILE=learning
1-TOMOYO_VERBOSE=disabled
2-COMMENT=-----Permissive Mode-----
2-MAC_FOR_FILE=permissive
2-TOMOYO_VERBOSE=enabled
3-COMMENT=-----Enforcing Mode-----
3-MAC_FOR_FILE=enforcing
3-TOMOYO_VERBOSE=enabled
DMESG:
[ 0.868188] Calling /sbin/tomoyo-init to load policy. Please wait.
[ 240.032087] INFO: task run-init:1 blocked for more than 120 seconds.
[ 240.032100] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 240.032109] run-init D 0000000000000000 0 1 0 0x00000000
[ 240.032120] ffffffff814891f0 0000000000000282 0000000000000000 ffffffff8100e252
[ 240.032134] 0000001000000000 ffff880007c6d4c0 000000000000f9e0 ffff880007c5ffd8
[ 240.032147] 0000000000015780 0000000000015780 ffff880007c68000 ffff880007c682f8
[ 240.032166] Call Trace:
[ 240.032173] [<ffffffff8100e252>] ? check_events+0x12/0x20
========== SNIP ==========
root@www:~# aptitude show tomoyo-tools
Package: tomoyo-tools
State: installed
Automatically installed: no
Version: 2.2.0-20100225-1
Priority: extra
Section: admin
Maintainer: Hideki Yamane <[email protected]>
Uncompressed Size: 324 k
Depends: libc6 (>= 2.7), libncurses5 (>= 5.7+20100313)
Conflicts: tomoyo-ccstools, tomoyo-ccstools1.7
Replaces: tomoyo-ccstools, tomoyo-ccstools1.7
Description: Lightweight and easy-use Mandatory Access Control for Linux
========== SNIP ==========
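Added example, not part of the original post or of the TOMOYO tools: a small Python check that compares the profile table the kernel reports with the one in the configuration file, using the `N-KEY=value` format shown in the two listings above. The function names are hypothetical and the sample input is constructed from those listings.

```python
import re

# Constructed sample input: the two listings from the post, COMMENT lines omitted.
KERNEL = """\
0-MAC_FOR_FILE=disabled
0-MAX_ACCEPT_ENTRY=0
0-TOMOYO_VERBOSE=disabled
1-MAC_FOR_FILE=disabled
1-MAX_ACCEPT_ENTRY=0
1-TOMOYO_VERBOSE=disabled
2-MAC_FOR_FILE=disabled
2-MAX_ACCEPT_ENTRY=2048
2-TOMOYO_VERBOSE=enabled
"""
CONFIG = """\
0-MAC_FOR_FILE=disabled
0-TOMOYO_VERBOSE=disabled
1-MAC_FOR_FILE=learning
1-TOMOYO_VERBOSE=disabled
2-MAC_FOR_FILE=permissive
2-TOMOYO_VERBOSE=enabled
3-MAC_FOR_FILE=enforcing
3-TOMOYO_VERBOSE=enabled
"""
ENTRY = re.compile(r"^(\d+)-([A-Z_]+)=(.*)$")

def parse_profiles(text):
    """Return {profile_number: {key: value}} from 'N-KEY=value' lines."""
    profiles = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            profiles.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3)
    return profiles

def compare(kernel_text, config_text, ignore=("COMMENT",)):
    """List profiles absent from the kernel and settings that differ."""
    kernel, config = parse_profiles(kernel_text), parse_profiles(config_text)
    missing = sorted(set(config) - set(kernel))
    diffs = [(n, k, kernel[n].get(k), v)
             for n in sorted(set(config) & set(kernel))
             for k, v in sorted(config[n].items())
             if k not in ignore and kernel[n].get(k) != v]
    return missing, diffs

if __name__ == "__main__":
    missing, diffs = compare(KERNEL, CONFIG)
    print("profiles not loaded in kernel:", missing)
    for n, key, have, want in diffs:
        print(f"profile {n}: {key} kernel={have!r} config={want!r}")
```

On a live system the two strings would be read from /sys/kernel/security/tomoyo/profile and /etc/tomoyo/profile.conf instead of the embedded samples.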