[tomoyo-users-en 699] Tomoyo 2.5 using OpenRC - "Please mount securityfs on /sys/kernel/security/"

Jose Jurado jjura****@yahoo*****
Sun Aug 19 01:22:26 JST 2018


Tomoyo 2.5.0 was installed in Calculate Linux, a Gentoo distro using OpenRC as init.  On reboot, as root, the policy editor can be run by executing:
# /usr/sbin/tomoyo-editpolicy /etc/tomoyo/
However, next, I get the following response with the policy editor in this fashion:
# /usr/sbin/tomoyo-editpolicy 
Please mount securityfs on /sys/kernel/security/ .
You can't use this editor for this kernel.
Several types of attempts were made to mount securityfs, but then it was apparent that /sys/kernel/security does not exist:
# mount -t securityfs securityfs /sys/kernel/security
mount: /sys/kernel/security: mount point does not exist
Background info from notes when installing Tomoyo 2.5.0:
$ uname -a
Linux local 4.14.61-calculate #1 SMP PREEMPT Tue Aug 7 15:09:47 UTC 2018 x86_64 AMD A10-4600M APU with Radeon(tm) HD Graphics AuthenticAMD GNU/Linux
linux-4.14.61.tar.gz was downloaded and extracted, and Tomoyo's suggested menuconfig options from the documentation were selected.

Some error messages were obtained when compiling the kernel:
$ make -s
drivers/media/pci/solo6x10/solo6x10-gpio.c: In function ‘solo_gpio_init’:
drivers/media/pci/solo6x10/solo6x10-gpio.c:165:6: warning: unused variable ‘ret’ [-Wunused-variable]
  int ret;
      ^~~
drivers/net/ethernet/neterion/vxge/vxge-main.c: In function ‘VXGE_COMPLETE_VPATH_TX.isra.34’:
drivers/net/ethernet/neterion/vxge/vxge-main.c:119:1: warning: the frame size of 1040 bytes is larger than 1024 bytes [-Wframe-larger-than=]
 }
 ^
ld: arch/x86/boot/compressed/head_64.o: warning: relocation in read-only section `.head.text'
ld: warning: creating a DT_TEXTREL in object.
When that completed, I used "sudo -i" instead of "su" to compile modules, thinking that would be safer. Is that OK?
The documentation then recommends, "Create initrd/initramfs if required".  I wasn't sure so this was not done at first.  
The next steps were taken as per documentation:  "Install the userspace tools";  "Initialize configuration".  
To "Configure bootloader" on first attempt:
rnano -w  /etc/default/grub
# At the end of GRUB_CMDLINE_LINUX= line I added security=tomoyo 
Then "grub-mkconfig -o /boot/grub/grub.cfg" was run;  rebooted;  and the "Please mount securityfs on /sys/kernel/security/" displayed when running "/usr/sbin/tomoyo-editpolicy".

Then, taking into account OpenRC init instead of systemd, an attempt was made to add an additional argument for GRUB_CMDLINE_LINUX= "security=tomoyo TOMOYO_trigger=/sbin/init" and ran "grub-mkconfig -o /boot/grub/grub.cfg".  However, on reboot the same securityfs problem persists.
Initramfs:  There is only one kernel in the grub menu on reboot, and a password was requested to inspect it (I was checking that the grub command line was accepted).  The password didn't work, but the Calculate console offers a 'boot' menu where the password was reset and, surreptitiously, I noted that initramfs was created, and that I was prompted to accept the new grub configuration:
"Creating Host-Only initramfs ..."
"Configuring the grub"
However, as stated above, the original problem persists.
# /usr/sbin/tomoyo-editpolicy 
Please mount securityfs on /sys/kernel/security/ .
You can't use this editor for this kernel.
Indeed, there is no /sys/kernel/security/ folder.
NB:  An attempt was made at this point to reinitialize the policy as root:
/usr/lib/tomoyo/init_policy
But no output was returned.
Thank you very much for Tomoyo, which according to so many reports is an excellent security system.  I look forward to applying it successfully.  Best wishes,
Jose Jurado
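
A read-only diagnostic for the symptom reported above, added here as an example and not part of the original message or of the TOMOYO tools. The kernel creates the /sys/kernel/security mount point only when securityfs is built in, so the script checks the running kernel's filesystem list and command line; the function names and result strings are assumptions made for this example.

```shell
#!/bin/sh
# Diagnose a missing /sys/kernel/security on the running kernel.
# File paths are parameters so the checks can also run on saved copies.

# Succeeds if the kernel registered the securityfs filesystem type,
# i.e. it was built with CONFIG_SECURITYFS.
has_securityfs() {
    grep -qw securityfs "${1:-/proc/filesystems}"
}

# Prints the value of the last security= parameter on the kernel
# command line, or nothing if the parameter is absent.
cmdline_lsm() {
    tr ' ' '\n' < "${1:-/proc/cmdline}" | sed -n 's/^security=//p' | tail -n 1
}

# Succeeds if the given kernel .config enables TOMOYO.
config_has_tomoyo() {
    grep -q '^CONFIG_SECURITY_TOMOYO=y' "$1"
}

# Prints one of: no-securityfs, not-selected, ok.
diagnose() {
    fs=${1:-/proc/filesystems}
    cl=${2:-/proc/cmdline}
    if ! has_securityfs "$fs"; then
        # The booted kernel has no securityfs, so no mount can succeed.
        # Compare `uname -r` with the kernel that was actually built.
        echo "no-securityfs"
    elif [ "$(cmdline_lsm "$cl")" != "tomoyo" ]; then
        # securityfs exists, but security=tomoyo did not reach the kernel.
        echo "not-selected"
    else
        # mount -t securityfs securityfs /sys/kernel/security should work.
        echo "ok"
    fi
}
```

Calling `diagnose` with no arguments inspects the live system; `config_has_tomoyo` takes the path of the .config used for the build.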