FS#23242 - [kernel26] TOMOYO conflicts with other security modules
Attached to Project:
Arch Linux
Opened by Tomas Mudrunka (harvie) - Friday, 11 March 2011, 15:29 GMT
Last edited by Tobias Powalowski (tpowa) - Saturday, 12 March 2011, 07:55 GMT
Opened by Tomas Mudrunka (harvie) - Friday, 11 March 2011, 15:29 GMT
Last edited by Tobias Powalowski (tpowa) - Saturday, 12 March 2011, 07:55 GMT
|
Details
Description: I can't use securityfs with other (eg.
AppArmor) LSMs. TOMOYO seems to be breaking everything and
can't be even disabled.
on 2.6.36 i can see only tomoyo directory in /sys/kernel/security/ and on 2.6.37 i can't see anything at all. I've tried to disable it using ccsecurity=off (according to http://tomoyo.sourceforge.jp/1.8/phase-1.html.en ) I've tried to disable it using tomoyo=0 (according to how selinux and apparmor are disabled by selinux=0 and apparmor=0) i've tried to override it using security=apparmor non of those approaches made apparmor usable Additional info: * package version(s) * config and/or log files etc. [root@insomnia harvie]# uname -a Linux insomnia 2.6.37-ARCH #1 SMP PREEMPT Tue Mar 8 08:08:06 UTC 2011 i686 Mobile AMD Sempron(tm) Processor 3000+ AuthenticAMD GNU/Linux [root@insomnia harvie]# aa-status apparmor module is loaded. apparmor filesystem is not mounted. [root@insomnia harvie]# mount | grep -i security none on /sys/kernel/security type securityfs (rw) [root@insomnia harvie]# ls -a /sys/kernel/security . .. [root@insomnia harvie]# cat /proc/cmdline BOOT_IMAGE=/vmlinuz26 root=/dev/disk/by-uuid/348c69e0-de31-4589-bf0a-276815c5e17a ro resume=/dev/sda3 ccsecurity=off security=apparmor video=sisfb:mode:1280x800x32,rate:76 [root@insomnia harvie]# zcat /proc/config.gz | grep -i 'TOMOYO|APPARMOR' [root@insomnia harvie]# zcat /proc/config.gz | grep -Ei 'TOMOYO|APPARMOR' CONFIG_SECURITY_TOMOYO=y CONFIG_SECURITY_APPARMOR=y CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0 # CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set Steps to reproduce: 1.) Install kernel26 2.) Boot (you don't even need to enable tomoyo explicitly) |
This task depends upon
Closed by Tobias Powalowski (tpowa)
Saturday, 12 March 2011, 07:55 GMT
Reason for closing: Not a bug
Saturday, 12 March 2011, 07:55 GMT
Reason for closing: Not a bug
[16:35:29] 0 ;) root@molly:~# uname -a
Linux molly 2.6.36-ARCH #1 SMP PREEMPT Fri Dec 10 20:32:37 CET 2010 x86_64 Intel(R) Xeon(R) CPU X3430 @ 2.40GHz GenuineIntel GNU/Linux
[16:35:33] 0 ;) root@molly:~# aa-status
apparmor module is loaded.
apparmor filesystem is not mounted.
[16:35:44] 3 ;( root@molly:~# mount | grep -i security
none on /sys/kernel/security type securityfs (rw)
[16:35:51] 0 ;) root@molly:~# ls -a /sys/kernel/security
tomoyo/ ./ ../
[16:35:59] 0 ;) root@molly:~# cat /proc/cmdline
root=/dev/mapper/vgrupa-root ro cryptdevice=/dev/md1:cryptsys md=0,/dev/sda1,/dev/sdb1 md=1,/dev/sda2,/dev/sdb2 console=ttyS1,115200
[16:36:07] 0 ;) root@molly:~# zcat /proc/config.gz | grep -Ei 'TOMOYO|APPARMOR'
CONFIG_SECURITY_TOMOYO=y
CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0
# CONFIG_DEFAULT_SECURITY_TOMOYO is not set
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
FS#23098Also it does not provide option to disable/enable it by default bootparam in kernel config.
but i think that ArchLinux should act somehow because fixing of such issue can take a long time...
but i think that ArchLinux should act somehow because fixing of such issue can take a long time...
Thomas wrote:
> TOMOYO seems to be breaking everything and can't be even disabled.
TOMOYO Linux is disabled by default. It requires "security=tomoyo" in order for it to be enabled. Therefore there is no boot option to disable it, unless it is set in kernel configuration as the default security module (which for the Arch Linux kernels is not the case).
> Have you tried running AppArmor on a kernel compiled completely without TOMOYO support, and were you successful in getting AppArmor to run?
Yes, AppArmor was working as supposed before tomoyo was introduced to kernel26
> TOMOYO Linux is disabled by default. It requires "security=tomoyo" in order for it to be enabled.
As you can see, there is no security=tomoyo
[16:35:59] 0 ;) root@molly:~# cat /proc/cmdline
root=/dev/mapper/vgrupa-root ro cryptdevice=/dev/md1:cryptsys md=0,/dev/sda1,/dev/sdb1 md=1,/dev/sda2,/dev/sdb2 console=ttyS1,115200
but there IS tomoyo enabled:
[16:35:51] 0 ;) root@molly:~# ls -a /sys/kernel/security
tomoyo/ ./ ../
> TOMOYO seems to be breaking everything and can't be even disabled.
Excuse me, but TOMOYO is breaking nothing and TOMOYO is not enabled. ;-)
> I've tried to disable it using ccsecurity=off (according to http://tomoyo.sourceforge.jp/1.8/phase-1.html.en )
Above option is for disabling TOMOYO 1.x.
TOMOYO 1.x uses /proc/ccs/ directory.
TOMOYO which is compiled into the kernel by CONFIG_SECURITY_TOMOYO=y option is
TOMOYO 2.x. TOMOYO 2.x uses /sys/kernel/security/ directory.
So, I assume you are trying to disable TOMOYO 2.x and enable AppArmor.
> I've tried to disable it using tomoyo=0 (according to how selinux and apparmor are disabled by selinux=0 and apparmor=0)
TOMOYO does not understand tomoyo= option.
The correct way for not selecting TOMOYO 2.x is to specify other LSM modules (like security=selinux or security=smack or security=apparmor) or something like security=none that matches none of LSM module's names.
> i've tried to override it using security=apparmor
Yes, this is the correct way for selecting AppArmor.
But you are missing one more parameter.
Please look at CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0 line in your kernel
config. The security/apparmor/Kconfig says:
config SECURITY_APPARMOR_BOOTPARAM_VALUE
int "AppArmor boot parameter default value"
depends on SECURITY_APPARMOR
range 0 1
default 1
help
This option sets the default value for the kernel parameter
'apparmor', which allows AppArmor to be enabled or disabled
at boot. If this option is set to 0 (zero), the AppArmor
kernel parameter will default to 0, disabling AppArmor at
boot. If this option is set to 1 (one), the AppArmor
kernel parameter will default to 1, enabling AppArmor at
boot.
If you are unsure how to answer this question, answer 1.
So, since SECURITY_APPARMOR_BOOTPARAM_VALUE is set to 0 in your kernel config
and security/apparmor/lsm.c has below code:
/* Boot time disable flag */
static unsigned int apparmor_enabled = CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE;
module_param_named(enabled, apparmor_enabled, aabool, S_IRUSR);
static int __init apparmor_enabled_setup(char *str)
{
unsigned long enabled;
int error = strict_strtoul(str, 0, &enabled);
if (!error)
apparmor_enabled = enabled ? 1 : 0;
return 1;
}
__setup("apparmor=", apparmor_enabled_setup);
You need to specify apparmor=1 in order to enable AppArmor.
The security=apparmor option tells the kernel to select AppArmor.
The apparmor=1 option tells the kernel to enable AppArmor.
> > TOMOYO Linux is disabled by default. It requires "security=tomoyo" in order for it to be enabled.
>
> As you can see, there is no security=tomoyo
>
> [16:35:59] 0 ;) root@molly:~# cat /proc/cmdline
> root=/dev/mapper/vgrupa-root ro cryptdevice=/dev/md1:cryptsys md=0,/dev/sda1,/dev/sdb1 md=1,/dev/sda2,/dev/sdb2 console=ttyS1,115200
>
> but there IS tomoyo enabled:
>
> [16:35:51] 0 ;) root@molly:~# ls -a /sys/kernel/security
> tomoyo/ ./ ../
You are talking about kernel 2.6.36 and your kernel config has
CONFIG_DEFAULT_SECURITY_DAC=y line, right?
There was a bug in security_module_enable() (a function that
determines which LSM module to select) for 2.6.36 and earlier kernels.
Please see http://www.spinics.net/linux/fedora/linux-security-module/msg09246.html for discussion
and http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=065d78a0603cc6f8d288e96dbf761b96984b634f for the fix.
but i think that apparmor interface has changed a bit, because securityfs now looking like this:
[04:10:30] 0 ;) harvie@insomnia apparmor $ ls -la /sys/kernel/security/apparmor
celkem 0
drwxr-xr-x 2 root root 0 12. bře 03.48 ./
drwxr-xr-x 3 root root 0 12. bře 03.48 ../
-rw-r----- 1 root root 0 12. bře 02.49 .load
-rw-r----- 1 root root 0 12. bře 03.48 .remove
-rw-r----- 1 root root 0 12. bře 03.48 .replace
Anyway. sorry for bothering and thanks for your help. As counter-service i've updated apparmor package in AUR to version 2.6.0 :-)
Keep up your hard work on AppArmor AUR package. Everyone needs security, regardless of which program they use to do so. :-)