Hito, I see a lot of these messages in syslogd.
Jun 13 23:35:10 learner ccs-auditd: Can't open /sys/kernel/security/tomoyo/grant_log for reading.
Jun 13 23:37:03 learner ccs-auditd: Can't open /sys/kernel/security/tomoyo/grant_log for reading.
Jun 13 23:37:25 learner ccs-auditd: Can't open /sys/kernel/security/tomoyo/grant_log for reading.
Jun 13 23:41:03 learner ccs-auditd: Can't open /sys/kernel/security/tomoyo/grant_log for reading.
Jun 13 23:41:19 learner ccs-auditd: Can't open /sys/kernel/security/tomoyo/grant_log for reading.
Jun 13 23:42:54 learner ccs-auditd: Can't open /sys/kernel/security/tomoyo/grant_log for reading.
Jun 14 20:10:45 learner ccs-auditd: Can't open /sys/kernel/security/tomoyo/grant_log for reading.
Jun 14 20:15:46 learner ccs-auditd: Can't open /sys/kernel/security/tomoyo/grant_log for reading.
Jun 14 20:19:09 learner ccs-auditd: Can't open /sys/kernel/security/tomoyo/grant_log for reading.
Jun 14 20:20:42 learner kernel: [ 632.875114] <kernel> /sbin/init /etc/init.d/rc /sbin/startpar /etc/init.d/ssh /sbin/start-stop-daemon /usr/sbin/sshd /usr/sbin/sshd /bin/bash /usr/bin/sudo /usr/lib/ccs/editpolicy ( /usr/lib/ccs/editpolicy ) is not permitted to update policies.

I think the problem is here:

    openlog("ccs-auditd", 0, LOG_USER);
    for (i = 0; i < CCS_AUDITD_MAX_FILES; i++) {
        fd_in[i] = open(procfile_path[i], O_RDONLY);
        if (fd_in[i] == EOF) {
            syslog(LOG_WARNING, "Can't open %s for reading.\n", procfile_path[i]);
            return 1;
        }
    }

Looking at this, I wonder why and how it returned 0... Am I doing something wrong that grant_log is not listed under sysfs?

Ritesh

On Sunday 14 Jun 2009 20:21:57 Ritesh Raj Sarraf wrote:
> Hi Hito,
>
> On Sunday 14 Jun 2009 19:31:16 h...@kugutsu.org wrote:
> > Hi Ritesh,
> >
> > Did you set security=tomoyo in your kernel boot args?
> >
> > In 2.6.30's TOMOYO Linux (TOMOYO 2.x, a.k.a. the LSM version), that is an LSM
> > implementation.
>
> Yes. I did add security=tomoyo in the kernel command line. The same was
> mentioned in the TOMOYO howto on the website.
>
> Here's the dmesg output.
>
> r...@learner:~$ dmesg | grep -i tomo
> [ 0.000000] Kernel command line: root=/dev/mapper/VolGrpSDA4-ROOT ro
> audit=1 quiet vga=788 splash security=tomoyo
> [ 0.000999] TOMOYO Linux initialized
> [ 3.185069] Calling /sbin/tomoyo-init to load policy. Please wait.
> [ 4.075277] TOMOYO: 2.2.0 2009/04/01
>
> As you can see, the tomoyo framework is getting initialized.
>
>
> The problem is with the ccs-auditd daemon. It fails to start.
> While there are some minor problems with the ccs-auditd init script,
> for now ccs-auditd itself is problematic. It doesn't start.
>
> Points to note:
> * As I said in the previous post to this bug report, I suspect the bug
> could be in here:
>
> [pid 6369] open("/sys/kernel/security/tomoyo/grant_log", O_RDONLY|
> O_LARGEFILE) = -1 ENOENT (No such file or directory)
> [pid 6369] brk(0) = 0x8e69000
> [pid 6369] brk(0x8e8a000) = 0x8e8a000
> [pid 6369] time(NULL) = 1244990746
> [pid 6369] open("/etc/localtime", O_RDONLY) = 0
> [pid 6369] fstat64(0, {st_mode=S_IFREG|0644, st_size=265, ...}) = 0
>
> There is no grant_log under sysfs. Now, is its unavailability fatal?
>
> * Secondly, your ccs-auditd is exiting with wrong codes.
>
> r...@learner:~$ sudo ccs-auditd /dev/null /var/log/tomoyo/reject_log.txt
> r...@learner:~$ echo $?
> 0
>
> While you need to confirm my question in the previous point (grant_log
> being fatal or not), ccs-auditd should not return 0 during a failure.
>
> * And if grant_log is not fatal, then I don't know why running the
> editpolicy command fails.
>
> r...@learner:~$ sudo ccs-editpolicy
> You need to register this program to /sys/kernel/security/tomoyo/manager to
> run this program.
> r...@learner:~$ ls /sys/kernel/security/tomoyo/
> domain_policy exception_policy manager meminfo profile self_domain
> version
>
>
> Hope this helps. Please let me know if you need any more information.
>
> Ritesh

-- 
Ritesh Raj Sarraf
RESEARCHUT - http://www.researchut.com
"Necessity is the mother of invention."
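An added example, not ccs-auditd's own code, of the exit-status point raised in the message above: open every interface file the daemon needs in the foreground, before any fork or daemon() call, so that a missing /sys/kernel/security/tomoyo/grant_log shows up as exit status 1 to the shell and the init script, and record strerror(errno) so ENOENT (the kernel does not provide the file) is distinguishable from EACCES (permission) in the log. The function names and the two demo path lists are assumptions for illustration; /dev/null stands in for an interface file that exists.

```c
/* Added example, not ccs-auditd's own code: open the interface files a
 * log-reading daemon needs and make a missing one visible as exit status 1.
 * Function names and the demo path lists are assumptions for illustration. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Open every path read-only. On success fds[] holds one descriptor per path
 * and 0 is returned. On the first failure, descriptors opened so far are
 * closed, the failing path and errno text go to stderr, and 1 is returned,
 * so ENOENT (interface not provided by this kernel) and EACCES (permission)
 * can be told apart in the log. */
int open_interfaces(const char *const paths[], int nfiles, int fds[])
{
    int i;

    for (i = 0; i < nfiles; i++) {
        fds[i] = open(paths[i], O_RDONLY);
        if (fds[i] < 0) {
            int saved = errno;
            int j;

            for (j = 0; j < i; j++)
                close(fds[j]);
            fprintf(stderr, "Can't open %s for reading: %s\n",
                    paths[i], strerror(saved));
            return 1;
        }
    }
    return 0;
}

/* Open and immediately close the paths, returning the status a daemon's
 * start-up should report: 0 only when every interface file is readable. */
int probe_interfaces(const char *const paths[], int nfiles)
{
    int fds[16];
    int rc, i;

    if (nfiles > 16)
        return 1;
    rc = open_interfaces(paths, nfiles, fds);
    if (rc == 0)
        for (i = 0; i < nfiles; i++)
            close(fds[i]);
    return rc;
}

/* Constructed inputs: /dev/null stands in for an interface file that
 * exists, the second path for one the running kernel does not provide. */
const char *const demo_present[] = { "/dev/null" };
const char *const demo_missing[] = { "/dev/null",
                                     "/nonexistent/tomoyo/grant_log" };

int main(void)
{
    /* Probe in the foreground, before any fork()/daemon(), so the shell
     * and the init script see 1 when an interface file is missing. */
    if (probe_interfaces(demo_missing, 2) != 0)
        return 1;
    /* Only past this point would a real daemon detach and start reading. */
    return 0;
}
```

Run as written it prints "Can't open /nonexistent/tomoyo/grant_log for reading: No such file or directory" and exits 1; with a path list that only names files the kernel actually provides it exits 0. The design point is that the probe happens in the process whose exit status the caller observes; if the same open loop ran only in a detached child, the parent would already have returned 0.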