[tomoyo-users-en 737] Can't get Tomoyo to load policies on one of two (near identical systems) PCs..

Andre T andre****@sklbb*****
Fri Jun 10 07:43:17 JST 2022


I've recently started using tomoyo on two quite similar systems.

On one of the PCs (referring to it as PC1) it appears to all be
running fine and as expected.

However, on the other PC (referring to it as PC2), tomoyo will
apparently not load policies, regardless of whatever I try. And
I've now basically run out of thoughts as to what might be wrong and how
to troubleshoot it any further.

  * Both PCs are running 64bit Arch Linux and are utilizing current
    kernel(s) 5.18.1-arch1-1 as confirmed through uname -r
  * Both using the 'tomoyo-tools' AUR packages respective to
    instructions on
    https://wiki.archlinux.org/title/TOMOYO_Linux#TOMOYO_Linux_2.x
  * Both boot from GRUB to ext4 root filesystems with
    lsm=landlock,lockdown,yama,tomoyo,bpf set identically through
    /etc/default/grub
      o GRUB_CMDLINE_LINUX_DEFAULT="lsm=landlock,lockdown,yama,tomoyo,bpf"
  * Tomoyo is reporting itself as being initialized and running on both
    through
      o dmesg | grep -A 1 -B 1 TOMOYO
      o cat /sys/kernel/security/lsm
      o grep tomoyo_write_inet_network /proc/kallsyms
  * PC1 is an AMD ryzen7 platform while PC2 is an Intel platform
  * PC2 gets used via SSH and is headless, PC1 via graphical
    desktop/terminal

If I make alterations to files in /etc/tomoyo/*, the changes will
reflect fine and as expected on PC1. Though on PC2 not even the defaults
as set by /usr/lib/tomoyo/init_policy get initiated upon its booting,
and the settings stay on disk only. PC2 appears to only have tomoyo
function should I manually use tomoyo-loadpolicy. PC2 will apparently
ignore anything set in/from that folder, and will for some reason always
boot to an empty '0:  0     <kernel>' domains listing and nothing else
getting listed, as well as having nothing for profile except '0:
PROFILE_VERSION=20150505' and only two lines at exception policy being:

     0: initialize_domain /sbin/hotplug from any
     1: initialize_domain /sbin/modprobe from any


Hoping someone might have some ideas or clues as to what is going on with
PC2, even if just things that might theoretically be the cause of its issue.

I'm happy to provide any further info that might help identifying the 
causes.

Skål! 🍺
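What the post lists for PC2 (a single <kernel> domain, a profile file holding nothing but PROFILE_VERSION=20150505, and the two initialize_domain lines for /sbin/hotplug and /sbin/modprobe) is exactly the default policy the TOMOYO 2.x kernel compiles in. It is what remains when the userspace loader never ran: "TOMOYO: Initialized" in dmesg and tomoyo in /sys/kernel/security/lsm only say the LSM itself is enabled, while the on-disk policy is read by a separate loader that the kernel executes (TOMOYO_loader=, default /sbin/tomoyo-init) the first time the trigger program (TOMOYO_trigger=, default /sbin/init) is run. The POSIX sh script below is an added example, not code from the post or from the tomoyo-tools project: it tells "enabled" and "policy loaded" apart and checks the pieces involved in that hand-off. It assumes the standard securityfs tree under /sys/kernel/security/tomoyo and the tomoyo-tools paths /usr/lib/tomoyo/init_policy and /etc/tomoyo/policy/current/ (hypothetical on a distribution that relocates them); the sample policy texts in it are constructed.

```shell
#!/bin/sh
# Added example (not from the original post or from tomoyo-tools): separate
# "TOMOYO is enabled in the kernel" from "a policy was loaded into it".
# Assumed paths: /sys/kernel/security/tomoyo (securityfs), /usr/lib/tomoyo/init_policy
# and /etc/tomoyo/policy/current/ (tomoyo-tools defaults; hypothetical elsewhere).
set -u

# lsm_has_tomoyo LIST: true if the comma-separated LSM list (contents of
# /sys/kernel/security/lsm) names tomoyo as a whole word.
lsm_has_tomoyo() {
    case ",$1," in
        *,tomoyo,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# count_domains TEXT: number of domains in domain_policy output. Every domain
# block starts with a line beginning "<kernel>"; the built-in policy has one.
count_domains() {
    printf '%s\n' "$1" | grep -c '^<kernel>' || :
}

# count_profiles TEXT: distinct profile numbers ("0-CONFIG=...", "1-COMMENT=...")
# in profile output. The built-in policy defines none, only PROFILE_VERSION.
count_profiles() {
    printf '%s\n' "$1" | awk -F '-' '/^[0-9]+-/ && !seen[$1]++ { n++ } END { print n + 0 }'
}

# policy_state DOMAINS PROFILE: "builtin" when only the kernel defaults are
# present (the state the post describes on PC2), "loaded" otherwise.
policy_state() {
    if [ "$(count_domains "$1")" -le 1 ] && [ "$(count_profiles "$2")" -eq 0 ]; then
        echo builtin
    else
        echo loaded
    fi
}

# cmdline_param CMDLINE NAME DEFAULT: value of NAME=... on the kernel command
# line, or DEFAULT. TOMOYO 2.x executes the loader named by TOMOYO_loader=
# (default /sbin/tomoyo-init) the first time TOMOYO_trigger= (default
# /sbin/init) is executed; that loader is what reads the policy on disk.
cmdline_param() {
    val=$(printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | tail -n 1)
    if [ -n "$val" ]; then echo "$val"; else echo "$3"; fi
}

# Constructed sample data: the kernel's built-in defaults versus a loaded policy.
builtin_domains='<kernel>
use_profile 0
use_group 0'
builtin_profile='PROFILE_VERSION=20150505'
loaded_domains='<kernel>
use_profile 0
use_group 0

<kernel> /sbin/init
use_profile 1
use_group 0

<kernel> /sbin/init /usr/bin/sshd
use_profile 1'
loaded_profile='PROFILE_VERSION=20150505
0-COMMENT=-----Disabled Mode-----
0-CONFIG={ mode=disabled grant_log=no reject_log=yes }
1-COMMENT=-----Learning Mode-----
1-CONFIG={ mode=learning grant_log=no reject_log=yes }'

# live_report: run the checks against this machine (needs root for securityfs).
live_report() {
    sec=/sys/kernel/security
    lsm=$(cat "$sec/lsm" 2>/dev/null || :)
    if lsm_has_tomoyo "$lsm"; then
        echo "ok   tomoyo is in the active LSM list: $lsm"
    else
        echo "FAIL tomoyo is not in $sec/lsm (check the lsm= boot parameter)"
    fi
    if [ ! -r "$sec/tomoyo/domain_policy" ]; then
        echo "FAIL $sec/tomoyo is not readable (run as root; securityfs mounted?)"
        return 1
    fi
    domains=$(cat "$sec/tomoyo/domain_policy")
    profile=$(cat "$sec/tomoyo/profile")
    echo "info domains=$(count_domains "$domains") profiles=$(count_profiles "$profile") state=$(policy_state "$domains" "$profile")"
    cmdline=$(cat /proc/cmdline 2>/dev/null || :)
    loader=$(cmdline_param "$cmdline" TOMOYO_loader /sbin/tomoyo-init)
    trigger=$(cmdline_param "$cmdline" TOMOYO_trigger /sbin/init)
    echo "info loader=$loader trigger=$trigger"
    for f in "$loader" "$trigger" /usr/lib/tomoyo/init_policy \
             /etc/tomoyo/policy/current/domain_policy.conf; do
        if [ -e "$f" ]; then echo "ok   $f exists"; else echo "FAIL $f missing"; fi
    done
    # The kernel logs when it invokes the loader, or why it declined to.
    dmesg 2>/dev/null | grep -i -e tomoyo -e 'mandatory access control' \
        || echo "info no TOMOYO lines in dmesg"
}

# Only touch the live system when asked, so the helpers can be sourced safely.
case "${1:-}" in --live) live_report ;; esac
```

Run it as `sh tomoyo-check.sh --live` on each PC and compare the two reports: a machine in state=builtin with a FAIL on the loader path (or with no "load policy" line in dmesg) has TOMOYO enabled but never received its policy at boot, which is the situation tomoyo-loadpolicy papers over when run by hand.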


