[tomoyo-users-en 700] Re: Tomoyo 2.5 using OpenRC - "Please mount securityfs on /sys/kernel/security/"

Tetsuo Handa pengu****@i-lov*****
Sun Aug 19 15:28:15 JST 2018


Hello.

Thank you for trying TOMOYO.

On 2018/08/19 1:22, Jose Jurado wrote:
> Tomoyo 2.5.0 was installed in Calculate Linux, a Gentoo distro using OpenRC as init.
> On reboot, as root, the policy editor can be run by executing:
>   # /usr/sbin/tomoyo-editpolicy /etc/tomoyo/
> However, next, I get the following response with the policy editor in this fashion:
>   # /usr/sbin/tomoyo-editpolicy 
>   Please mount securityfs on /sys/kernel/security/ .

This message is printed when tomoyo-editpolicy failed to mount securityfs on /sys/kernel/security/ .
The most likely cause is that sysfs is not yet mounted on /sys/ , because sysfs should provide the
kernel/security/ directory.

>   You can't use this editor for this kernel.

This message is printed when tomoyo-editpolicy failed to find the /sys/kernel/security/tomoyo/ directory.
The most likely cause is that securityfs is not yet mounted on /sys/kernel/security/ .

> Several types of attempts were made to mount securityfs, but then it was apparent that /sys/kernel/security does not exist:
>   # mount -t securityfs securityfs /sys/kernel/security
>   mount: /sys/kernel/security: mount point does not exist

This message suggests that sysfs is not yet mounted on /sys/ . I have never tried Calculate Linux.
But unless tomoyo-editpolicy is executed from a different namespace where the /sys/ directory does not
exist, /sbin/tomoyo-init should have already mounted sysfs on /sys/ . There are two possibilities:

 (1) The /sys/ directory does not exist in the namespace where tomoyo-editpolicy is attempted.
     Please check what "ls -l /sys/kernel/" says. The output should include the security/
     directory if sysfs was already mounted on /sys/ .

 (2) /sbin/tomoyo-init was not yet executed on reboot. The most likely cause is that
     CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER is not correct for your environment.
     Please check what "dmesg | grep -i tomoyo" says. If /sbin/tomoyo-init was executed
     correctly, the output should include lines like

     [    0.012652] TOMOYO Linux initialized
     [    2.661662] Calling /sbin/tomoyo-init to load policy. Please wait.
     [    2.726489] TOMOYO: 2.5.0

     If you can't find such lines, you can try the TOMOYO_trigger= parameter for specifying
     different triggers. According to a Wiki page, OpenRC uses init=/usr/bin/openrc-init or
     init=/usr/bin/init-openrc instead of init=/sbin/init or init=/usr/libs/systemd/systemd .

Regards.
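
The checks described in the reply above, combined into one script. This is an added example, not part of the original message or of the TOMOYO tools; the function names and keywords are hypothetical, the sample files are constructed, and it assumes the policy loader is /sbin/tomoyo-init as in the quoted kernel log.

```shell
#!/bin/sh
# Added example (not from the original message). Inputs are files so the
# checks can run on captured data; on a live system pass /proc/mounts and a
# saved copy of `dmesg` output. Assumes the policy loader is /sbin/tomoyo-init.

# has_mount MOUNTS FSTYPE MOUNTPOINT: succeed if such a mount is listed.
# /proc/mounts fields: device mountpoint fstype options dump pass
has_mount() {
    awk -v t="$2" -v m="$3" '$3 == t && $2 == m { f = 1 } END { exit !f }' "$1"
}

# tomoyo_diagnose MOUNTS DMESG: print one keyword naming the first failed check.
tomoyo_diagnose() {
    if ! grep -q 'TOMOYO Linux initialized' "$2"; then
        echo "tomoyo-not-initialized"        # kernel log has no TOMOYO init line
    elif ! grep -q 'Calling /sbin/tomoyo-init to load policy' "$2"; then
        echo "tomoyo-init-not-run"           # possibility (2): check the trigger
    elif ! has_mount "$1" sysfs /sys; then
        echo "sysfs-not-mounted-here"        # possibility (1): this namespace
    elif ! has_mount "$1" securityfs /sys/kernel/security; then
        echo "securityfs-not-mounted"
    else
        echo "ok"
    fi
}

# make_samples DIR: write constructed sample inputs (not real captures).
make_samples() {
    printf '%s\n' 'proc /proc proc rw 0 0' > "$1/mounts.nosys"
    printf '%s\n' 'proc /proc proc rw 0 0' \
        'sysfs /sys sysfs rw,nosuid,nodev,noexec 0 0' > "$1/mounts.nosec"
    { cat "$1/mounts.nosec"
      echo 'securityfs /sys/kernel/security securityfs rw 0 0'; } > "$1/mounts.ok"
    printf '%s\n' '[    0.012652] TOMOYO Linux initialized' > "$1/dmesg.noinit"
    { cat "$1/dmesg.noinit"
      echo '[    2.661662] Calling /sbin/tomoyo-init to load policy. Please wait.'
      echo '[    2.726489] TOMOYO: 2.5.0'; } > "$1/dmesg.ok"
}

# Stand-alone run on the constructed "loader never ran" sample.
samples=$(mktemp -d)
make_samples "$samples"
tomoyo_diagnose "$samples/mounts.nosys" "$samples/dmesg.noinit"
```

On a real machine, run `dmesg > /tmp/dmesg.txt` and then `tomoyo_diagnose /proc/mounts /tmp/dmesg.txt` from the same namespace in which tomoyo-editpolicy is started.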



