Date:	Fri, 08 Oct 2010 15:26:19 +0900
From:	Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To:	kosaki.motohiro@...fujitsu.com
Cc:	linux-kernel@...r.kernel.org, takedakn@...data.co.jp,
	lists@...dbynature.de, kawime@....de, jkosina@...e.cz,
	linux-security-module@...r.kernel.org
Subject: Re: 2.6.36-rc7: kernel panic with SECURITY_TOMOYO=y

Jiri Kosina wrote: ( http://lkml.org/lkml/2010/8/11/80 )
> > The panic message was:
> > >  Profile %u (used by '%s') not defined.
> >
> > Profile 0 (used by '0') not defined.
> 
> Looking at the code ...
> 
>      void tomoyo_check_profile(void)
>      {
>              struct tomoyo_domain_info *domain;
>              const int idx = tomoyo_read_lock();
>              tomoyo_policy_loaded = true;
>              /* Check all profiles currently assigned to domains are defined. */
>              list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
>                      const u8 profile = domain->profile;
>                      if (tomoyo_profile_ptr[profile])
>                              continue;
>                      panic("Profile %u (used by '%s') not defined.\n",
>                            profile, domain->domainname->name);
>              }
>              tomoyo_read_unlock(idx);
>              if (tomoyo_profile_version != 20090903)
>                      panic("Profile version %u is not supported.\n",
>                            tomoyo_profile_version);
>              printk(KERN_INFO "TOMOYO: 2.3.0\n");
>              printk(KERN_INFO "Mandatory Access Control activated.\n");
>      }
> 
> makes one wonder whether not having up-to-date userspace really does
> qualify for unconditional kernel panic.

KOSAKI Motohiro wrote:
> Handa-san, please see this panic message again.
> 
> > Kernel panic - not syncing: Profile uersion 0 is not supported
> 
> Profile?
> This message doesn't have any information about where we should look!
> And 'profile' is the wrong word. TOMOYO has to recommend upgrading
> userland tools here at minimum.

I see. What about this?

From cc7601c18982909987bbb48971acb86a69a3317a Mon Sep 17 00:00:00 2001
From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
Date: Fri, 8 Oct 2010 14:43:22 +0900
Subject: [PATCH] TOMOYO: Print URL information before panic().

Configuration files for TOMOYO 2.3 are not compatible with TOMOYO 2.2.
But the current panic() message is too unfriendly and is confusing users.

Signed-off-by: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
---
 security/tomoyo/common.c |   11 ++++++++++-
 1 files changed, 10 insertions(+), 1 deletions(-)

diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index c668b44..1f0d45a 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -2051,13 +2051,22 @@ void tomoyo_check_profile(void)
 		const u8 profile = domain->profile;
 		if (tomoyo_profile_ptr[profile])
 			continue;
+		printk(KERN_ERR "You need to define profile %u before using it.\n",
+		       profile);
+		printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.3/ "
+		       "for more information.\n");
 		panic("Profile %u (used by '%s') not defined.\n",
 		      profile, domain->domainname->name);
 	}
 	tomoyo_read_unlock(idx);
-	if (tomoyo_profile_version != 20090903)
+	if (tomoyo_profile_version != 20090903) {
+		printk(KERN_ERR "You need to install userland programs for "
+		       "TOMOYO 2.3 and initialize policy configuration.\n");
+		printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.3/ "
+		       "for more information.\n");
 		panic("Profile version %u is not supported.\n",
 		      tomoyo_profile_version);
+	}
 	printk(KERN_INFO "TOMOYO: 2.3.0\n");
 	printk(KERN_INFO "Mandatory Access Control activated.\n");
 }
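Review bot: In both added branches the new KERN_ERR lines carry no "TOMOYO:" prefix and the panic() strings are left unchanged, so the final "Kernel panic - not syncing:" line still reads "Profile version %u is not supported." without naming the subsystem, which is the complaint raised in the thread. Suggest prefixing the new messages the way the existing printk(KERN_INFO "TOMOYO: 2.3.0\n") does, and naming TOMOYO in the panic text itself, since that line may be all a user sees. The "Please see http://tomoyo.sourceforge.jp/2.3/ ..." line is also duplicated verbatim in both branches; a single shared string or small helper would keep the two copies from drifting. In the first branch the new hint omits domain->domainname->name, which the panic() below it still prints; consider including it in the KERN_ERR line so the hint on its own identifies the domain.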
-- 
1.7.1