TOMOYO
ForkTomoyo now runs seemingly as one would expect on PC2 as well.
Regrettably, I have no way of knowing what was the actual problem since
this only got discovered after quite a few changes having already been
made to the system (though none inherently to tomoyo itself nor even
with tomoyo in mind)
At some point in the middle of it all, it just happened to get noticed
at it's local login tty where it upon bootups and logins had began
stating something along the lines of:
<some number> domains. <some number> ACL entries.
<some number> KB used by policy.
The alterations of the system more or less only consisted grub/vconsole
setfont-(map) and screen/resolution- configuration, (re)naming network
interfaces properly, a reinstall/upgrade of nf/iptables and shorewall
along with disabling all tcp/udp services and dockers. None of which i
would expect could make much of a difference to tomoyo.
Though it gave me some thoughts :
* Might there possibly be anything that keeps/kept Tomoyo from being
installed/initialized correctly via *SSH only*, requiring at least a
one-time local TTY (and root?) interaction before it gets working
properly ?
(from the time of tomoyo install and now the other day, The pc had
not even had a screen or keyboard hooked up to it for a relatively
long while. And both the 'tomoyo-tools' install and the attempts at
configuring it all had exclusively been done entirely trough SSH)
* Or, is it remotely possible it could've been some BIOS setting that
kept it from working ?
(the pc's BIOS settings got briefly revisited but it's uncertain and
unlikely if there any actual changes were made)
I'll make a more mindful observing of tomoyo and get back here should it
at any point stop working again. And then hopefully with more accurate
info as to what might have potentially been the reason for it's
previously failing.
Other than that, thanks again for your attention, your time and
information given towards my issue. And not to mention the absolute
kick*ss thing that is TOMOYO!
Skål!
On 14.06.2022 01:06, Tetsuo Handa wrote:
> On 2022/06/14 5:20, Andre T wrote:
>>> Please check that /sbin/tomoyo-init exists and can be manually executed from
>>> a shell on PC2. Then, please check that either
>>>
>>> Calling /sbin/tomoyo-init to load policy. Please wait.
>>>
>>> or
>>>
>>> Not activating Mandatory Access Control as /sbin/tomoyo-init does not exist.
>>>
>>> appears in the dmesg output when you reboot PC2.
>> From what it seems so far neither of the two lines seems to appear on the PC. (dmesg output included furthest below)
>>
> OK. Then, I guess that the program which is specified using
> CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER does not exist on PC2.
>
> It seems that Arch Linux has multiple choices for the init system.
>
> https://wiki.archlinux.org/title/init
> https://wiki.archlinux.org/title/Mkinitcpio
>
> I guess that the program used as init on PC1 and PC2 differs. Please compare
>
> ls -l /proc/1/
>
> (as root user) between PC1 and PC2. If the program indicated by /proc/1/exe differs,
> try specifying that program using TOMOYO_trigger= kernel command line parammeter; like
> TOMOYO_trigger=/usr/lib/systemd/systemd if /proc/1/exe indicates /usr/lib/systemd/systemd .
>
>> (I'm noticing the "Unknown kernel command line parameters ..." line so whether
>> or not that might affect tomoyo i'm not sure, but it's definetly to be checked
>> out what's going on there none the less)
> That is expected behavior and is irrelevant to this problem.
>
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=86d1919a4fb0d9c115dd1d3b969f5d1650e45408
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8bc2b3dca7292347d8e715fb723c587134abe013
>
> Regards.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.osdn.me/mailman/archives/tomoyo-users-en/attachments/20220620/02fd29d4/attachment.html>