FS#33958 - [linux] Fix SECURITY_TOMOYO_ACTIVATION_TRIGGER for systemd

Attached to Project: Arch Linux
Opened by Stefan J. Betz (encbladexp) - Thursday, 21 February 2013, 11:21 GMT
Last edited by Jan Alexander Steffens (heftig) - Sunday, 14 March 2021, 14:40 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Tobias Powalowski (tpowa)
Jan Alexander Steffens (heftig)
Levente Polyak (anthraxx)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Just a little change, but take a look at http://kernel.opensuse.org/cgit/kernel/tree/security/tomoyo/Kconfig. We need to change SECURITY_TOMOYO_ACTIVATION_TRIGGER to /bin/systemd. Further Information at http://tomoyo.sourceforge.jp/2.5/chapter-3.html.en.
This task depends upon

Closed by  Jan Alexander Steffens (heftig)
Sunday, 14 March 2021, 14:40 GMT
Reason for closing:  Fixed
Additional comments about closing:  Fixed in trunk; pending next release.
Comment by Dave Reisner (falconindy) - Friday, 22 February 2013, 18:42 GMT
Sorry to reopen this -- /bin/systemd should *never* be used (some day it will go away). The real path /usr/lib/systemd/systemd should be used instead.
Comment by nl6720 (nl6720) - Sunday, 14 March 2021, 14:00 GMT
  • Field changed: Percent Complete (100% → 0%)
This change was lost after disabling and re-enabling TOMOYO support over the years.

linux 5.11.arch2-1, linux-lts 5.10.17-1, linux-zen 5.11.zen2-2 and linux-hardened 5.10.17.hardened1-1 set CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init".

Please change it to SECURITY_TOMOYO_ACTIVATION_TRIGGER="/usr/lib/systemd/systemd".
Comment by Levente Polyak (anthraxx) - Sunday, 14 March 2021, 14:19 GMT
/sbin/init is a symlink to /usr/lib/systemd/systemd shouldn't that just work?
Comment by nl6720 (nl6720) - Sunday, 14 March 2021, 14:22 GMT
One would think so, but it doesn't. Currently the TOMOYO_trigger kernel parameter needs to be set to fix the incorrect kernel config value.

Loading...