Re: kernel panic: MAC Initialization failed.

From: Tetsuo Handa
Date: Thu Feb 28 2019 - 05:58:51 EST


On 2019/02/28 19:23, Dmitry Vyukov wrote:
> On Thu, Feb 28, 2019 at 11:20 AM Tetsuo Handa
> <penguin-kernel@xxxxxxxxxxxxxxxxxxx> wrote:
>>
>> On 2019/02/28 15:51, Dmitry Vyukov wrote:
>>> On Wed, Feb 27, 2019 at 11:37 PM Tetsuo Handa
>>>>
>>>> Thank you. The LSM stacking seems to be working as expected.
>>>> But this one should not be considered as a bug.
>>>>
>>>> If something went wrong before loading access control rules,
>>>> it is pointless to continue. Thus, stopping with kernel panic.
>>>
>>> Hi Tetsuo,
>>>
>>> What misconfiguration you mean?
>>
>> To use security modules, access control rules need to be loaded. Regarding
>> TOMOYO, access control rules can be loaded from the kernel itself (built-in)
>> and/or from /etc/tomoyo/ directory via /sbin/tomoyo-init (run-time).
>>
>> Since the kernel is built without built-in policy and /sbin/tomoyo-init does
>> not exist, memory allocation failure is handled as a fatal problem.
>>
>> But if syzbot cannot test other paths due to hitting this path, we need to somehow
>> avoid panic(). Can you add tomoyo-tools package into your rootfs images? It is
>> explained at https://tomoyo.osdn.jp/2.6/chapter-3.html .
>
>
> Is installing the package everything that needs to be done? It's not a
> standard package, right?
> What does it do? Frequently there is like 3 DVD's of some software,
> but everything that needs to be done is a single system call? What
> exactly from kernel perspective we need to do?
>

From kernel perspective, just building the kernels with
CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y after doing

echo 'PROFILE_VERSION=20150505' > security/tomoyo/policy/profile.conf
echo '0-CONFIG={ mode=learning grant_log=no reject_log=yes }' >> security/tomoyo/policy/profile.conf

from the kernel source tree is needed.

But the problem is that since syzbot is automated, there is no chance to
edit the content of security/tomoyo/policy/ directory when building the
kernels. Therefore, I expected that we can add tomoyo-tools package and
/etc/tomoyo/ directory generated by executing /usr/lib/tomoyo/init_policy
into the rootfs images. tomoyo-tools package is easy to install because of
little dependency (e.g. glibc and ncurses).

Maybe disabling panic() if CONFIG_FAULT_INJECTION=y is simpler...

diff --git a/security/tomoyo/memory.c b/security/tomoyo/memory.c
index 2e7fcfa..2b2d5898 100644
--- a/security/tomoyo/memory.c
+++ b/security/tomoyo/memory.c
@@ -24,7 +24,7 @@ void tomoyo_warn_oom(const char *function)
pr_warn("ERROR: Out of memory at %s.\n", function);
tomoyo_last_pid = pid;
}
- if (!tomoyo_policy_loaded)
+ if (!IS_ENABLED(CONFIG_FAULT_INJECTION) && !tomoyo_policy_loaded)
panic("MAC Initialization failed.\n");
}