[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ebfd7dae-d90a-059c-8ace-643c2228e7d0@i-love.sakura.ne.jp>
Date: Thu, 28 Feb 2019 19:58:29 +0900
From: Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>
To: Dmitry Vyukov <dvyukov@...gle.com>
Cc: syzbot <syzbot+e1b8084e532b6ee7afab@...kaller.appspotmail.com>,
syzkaller-bugs <syzkaller-bugs@...glegroups.com>,
James Morris <jmorris@...ei.org>,
LKML <linux-kernel@...r.kernel.org>,
linux-security-module@...r.kernel.org,
"Serge E. Hallyn" <serge@...lyn.com>,
Kentaro Takeda <takedakn@...data.co.jp>
Subject: Re: kernel panic: MAC Initialization failed.
On 2019/02/28 19:23, Dmitry Vyukov wrote:
> On Thu, Feb 28, 2019 at 11:20 AM Tetsuo Handa
> <penguin-kernel@...ove.sakura.ne.jp> wrote:
>>
>> On 2019/02/28 15:51, Dmitry Vyukov wrote:
>>> On Wed, Feb 27, 2019 at 11:37 PM Tetsuo Handa
>>>>
>>>> Thank you. The LSM stacking seems to be working as expected.
>>>> But this one should not be considered as a bug.
>>>>
>>>> If something went wrong before loading access control rules,
>>>> it is pointless to continue. Thus, stopping with kernel panic.
>>>
>>> Hi Tetsuo,
>>>
>>> What misconfiguration you mean?
>>
>> To use security modules, access control rules need to be loaded. Regarding
>> TOMOYO, access control rules can be loaded from the kernel itself (built-in)
>> and/or from /etc/tomoyo/ directory via /sbin/tomoyo-init (run-time).
>>
>> Since the kernel is built without built-in policy and /sbin/tomoyo-init does
>> not exist, memory allocation failure is handled as a fatal problem.
>>
>> But if syzbot cannot test other paths due to hitting this path, we need to somehow
>> avoid panic(). Can you add tomoyo-tools package into your rootfs images? It is
>> explained at https://tomoyo.osdn.jp/2.6/chapter-3.html .
>
>
> Is installing the package everything that needs to be done? It's not a
> standard package, right?
> What does it do? Frequently there is like 3 DVD's of some software,
> but everything that needs to be done is a single system call? What
> exactly from kernel perspective we need to do?
>
From kernel perspective, just building the kernels with
CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y after doing
echo 'PROFILE_VERSION=20150505' > security/tomoyo/policy/profile.conf
echo '0-CONFIG={ mode=learning grant_log=no reject_log=yes }' >> security/tomoyo/policy/profile.conf
from the kernel source tree is needed.
But the problem is that since syzbot is automated, there is no chance to
edit the content of security/tomoyo/policy/ directory when building the
kernels. Therefore, I expected that we can add tomoyo-tools package and
/etc/tomoyo/ directory generated by executing /usr/lib/tomoyo/init_policy
into the rootfs images. tomoyo-tools package is easy to install because of
little dependency (e.g. glibc and ncurses).
Maybe disabling panic() if CONFIG_FAULT_INJECTION=y is simpler...
diff --git a/security/tomoyo/memory.c b/security/tomoyo/memory.c
index 2e7fcfa..2b2d5898 100644
--- a/security/tomoyo/memory.c
+++ b/security/tomoyo/memory.c
@@ -24,7 +24,7 @@ void tomoyo_warn_oom(const char *function)
pr_warn("ERROR: Out of memory at %s.\n", function);
tomoyo_last_pid = pid;
}
- if (!tomoyo_policy_loaded)
+ if (!IS_ENABLED(CONFIG_FAULT_INJECTION) && !tomoyo_policy_loaded)
panic("MAC Initialization failed.\n");
}
Powered by blists - more mailing lists