Tetsuo Handa
from-****@I-lov*****
Thu Jul 23 22:40:56 JST 2009
Kumaneko here.

> So, sorry to ask, but how is the separation of ccs-tools 1.x and 2.x going?
> (To be honest, the ccs-tools separation was the main point of the discussion for me.)

I have split it out at
http://sourceforge.jp/projects/tomoyo/svn/view/trunk/2.2.x/tomoyo-tools/?root=tomoyo .
I have not verified that it works yet.

Also, the following is a draft comment for http://bugs.gentoo.org/show_bug.cgi?id=278513 .

> I found this at the end of /sbin/tomoyo-init:
>
> # [ $SECURITY_UNMOUNT -eq 1 ] && umount -n /sys/kernel/security
> # [ $SYS_UNMOUNT -eq 1 ] && umount -n /sys
> [ $PROC_UNMOUNT -eq 1 ] && umount -n /proc
> exit 0
>
> I suspect that uncommenting those two lines might solve the problem, but I'm
> new to TOMOYO and might be missing something.

Yes. Uncommenting those two lines will solve the problem.

TOMOYO's management tools assume that securityfs is mounted on /sys/kernel/security/ .
But many systems don't mount securityfs on /sys/kernel/security/ upon boot.
If securityfs is not mounted, TOMOYO's management tools (e.g. ccs-editpolicy) can't work.
Therefore, the author decided that /sbin/tomoyo-init leaves securityfs mounted on /sys/kernel/security/ .

But in your environment, it causes problems...

Should we ask users to add an entry to /etc/fstab so that /sys/kernel/security/ is mounted?
Or, should we let TOMOYO's management tools try to mount /sys/kernel/security/ when the tools are executed?
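
Added example, not part of the original message and not code from the TOMOYO project: a check a tool or init script could run to see whether securityfs is mounted where the management tools expect it, reading a mounts table in /proc/mounts format on stdin. The function names, the sample tables and the suggested fstab line are assumptions made for illustration.

```shell
#!/bin/sh
# Mount point the post says TOMOYO's management tools assume.
SECURITYFS_DIR=/sys/kernel/security

# securityfs_mounted_at MOUNTPOINT < mounts-table
# Returns 0 only if an entry has both the expected mount point and the
# securityfs type. A different filesystem on that directory, or securityfs
# mounted somewhere else, does not count.
securityfs_mounted_at() {
    mountpoint=$1
    # Fields: device mountpoint fstype options dump pass
    while read -r _dev mnt fstype _rest; do
        if [ "$mnt" = "$mountpoint" ] && [ "$fstype" = "securityfs" ]; then
            return 0
        fi
    done
    return 1
}

# Prints "mounted", or the /etc/fstab entry an administrator could add
# (standard fstab syntax; the line itself is not given in the post).
securityfs_advice() {
    if securityfs_mounted_at "$SECURITYFS_DIR"; then
        echo "mounted"
    else
        echo "none $SECURITYFS_DIR securityfs defaults 0 0"
    fi
}

# Constructed sample: securityfs left mounted at the expected place.
sample_mounted() {
    cat <<'EOF'
rootfs / rootfs rw 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
none /sys/kernel/security securityfs rw 0 0
EOF
}

# Constructed sample: /sys mounted, securityfs unmounted again.
sample_unmounted() {
    cat <<'EOF'
rootfs / rootfs rw 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
EOF
}

# On a real system, check the live mounts table.
if [ -r /proc/mounts ]; then
    securityfs_advice < /proc/mounts
fi
```
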