[tomoyo-users-en 575] New(bie) Tomoyo User on Mageia 4
Claus Reheis
2014-03-13 00:24:48 UTC
Hello Tomoyo Users List,


After switching from Fedora to Mageia I encountered "Tomoyo Linux"
described as a security feature of Mageia and because I have never heard
about it before I was curious about it.
I heard about SELinux and Apparmor, but never about Tomoyo... So I
investigated on the Internet and found interesting videos & instructions
on YouTube and the Tomoyo Linux homepage.
Being encouraged by the video instructions I thought I will play around
with Tomoyo and set up a cage around "Skype" and "Adobe Flash Player"
which I distrust...
So I installed the available tomoyo packages on Mageia:

tomoyo-tools-2.5.0-4.mga4
lib64tomoyotools3-2.5.0-4.mga4

and started to set it up following the instructions on the video:

kickstart tomoyo on opensuse 12.1

I managed to make the initial start of tomoyo via:

/usr/sbin/tomoyo-editpolicy /etc/tomoyo/

and I managed to put the kernel in "learning mode" and when I call up:

/usr/sbin/tomoyo-editpolicy

I have at the moment 621 domains in the editor recognized in "learning
mode"!
When I start Skype, the domain shows up and after using Skype with all
functions I need I can put it in "permissive mode" or "enforcing mode"
with all the effects expected.
When I leave the editor with the "q" key, reboot the system and
start /usr/sbin/tomoyo-editpolicy, all changes I applied before are lost
and when starting Skype again it's in "learning mode" even if it was in
"permissive mode" before I was rebooting!

Also an error in /var/log/boot.log is there:

[FAILED] Failed to start LSB: TOMOYO Linux MAC logging daemon.

And journalctl -b shows me:

Command line: BOOT_IMAGE=linux
root=UUID=65f5a484-73d6-49aa-bc63-7f78f3479b82 splash quiet
resume=UUID=f641866c-fe7a-4a83-b5cb-0409c738a001 security=tomoyo
kernel: Calling /sbin/tomoyo-init to load policy. Please wait.
kernel: TOMOYO: 2.5.0
kernel: Mandatory Access Control activated.
tomoyo-auditd[765]: ccs-auditd wird gestartet: tomoyo-auditd
[remote_ip:remote_port]
tomoyo-auditd[765]: See /etc/tomoyo/tools/auditd.conf for configuration.
tomoyo-auditd[765]: [ERROR]
tomoyo-auditd.service: control process exited, code=exited status=1
systemd[1]: Failed to start LSB: TOMOYO Linux MAC logging daemon.
systemd[1]: Unit tomoyo-auditd.service entered failed state.
systemd[1]: tomoyo-auditd.service: control process exited, code=exited
status=1
systemd[1]: Failed to start LSB: TOMOYO Linux MAC logging daemon.
systemd[1]: Unit tomoyo-auditd.service entered failed state.

So what is wrong on my setup?
Why do I lose all my settings when I reboot?


I would really appreciate any help what I can get and if I can make
Tomoyo work and feel confident enough I would like to setup a wiki page
on the Mageia Wiki to share what I learned from you!

Thank you...


rehcla
Tetsuo Handa
2014-03-13 12:50:40 UTC
Hello.
Post by Claus Reheis
When I leave the editor with the "q" key, reboot the system and
start /usr/sbin/tomoyo-editpolicy, all changes I applied before are lost
and when starting Skype again its in "learning mode" even if it was in
"permissive mode" before I was rebooting!
Too bad. tomoyo-editpolicy by default edits on-memory configuration. You need
to run tomoyo-savepolicy before you shutdown in order to copy on-memory
configuration to on-disk configuration.
Post by Claus Reheis
[FAILED] Failed to start LSB: TOMOYO Linux MAC logging daemon.
Command line: BOOT_IMAGE=linux
root=UUID=65f5a484-73d6-49aa-bc63-7f78f3479b82 splash quiet
resume=UUID=f641866c-fe7a-4a83-b5cb-0409c738a001 security=tomoyo
kernel: Calling /sbin/tomoyo-init to load policy. Please wait.
kernel: TOMOYO: 2.5.0
kernel: Mandatory Access Control activated.
tomoyo-auditd[765]: ccs-auditd wird gestartet: tomoyo-auditd
I don't know why "ccs-" prefix is printed here, but
Post by Claus Reheis
[remote_ip:remote_port]
tomoyo-auditd[765]: See /etc/tomoyo/tools/auditd.conf for configuration.
tomoyo-auditd[765]: [ERROR]
tomoyo-auditd.service: control process exited, code=exited status=1
systemd[1]: Failed to start LSB: TOMOYO Linux MAC logging daemon.
systemd[1]: Unit tomoyo-auditd.service entered failed state.
systemd[1]: tomoyo-auditd.service: control process exited, code=exited
status=1
systemd[1]: Failed to start LSB: TOMOYO Linux MAC logging daemon.
systemd[1]: Unit tomoyo-auditd.service entered failed state.
So what is wrong on my setup?
the messages and the exit status 1 suggest that
tomoyo-auditd was invoked by systemd with wrong command line arguments.

int main(int argc, char *argv[])
{
        (...snipped...)
usage:
        fprintf(stderr, "%s [remote_ip:remote_port]\n"
                "  See %s for configuration.\n", argv[0], CCS_AUDITD_CONF);
        return 1;
}

Please check the content of tomoyo-auditd.service file.
tomoyo-auditd should be executed without any arguments, unless running for
retrieving access request logs from a remote system via an agent.

Regards.
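
The check described in the reply above (tomoyo-auditd takes no arguments, or a single remote_ip:remote_port), as an added example that is not part of the original thread or of the TOMOYO tools: a heuristic scan of a unit file or init script for how the daemon is invoked. The function name, the sample lines and the IPv4-only address pattern are assumptions.

```shell
#!/bin/sh
# Added example: flag tomoyo-auditd invocations whose arguments are anything
# other than nothing or one remote_ip:remote_port (IPv4 form assumed).
# Usage: check_auditd_args FILE...   (reads stdin when no file is given)
# Returns 0 = all invocations acceptable, 1 = suspect arguments, 2 = none found.
check_auditd_args() {
    awk '
    /^[ \t]*#/ { next }                                # ignore comment lines
    {
        line = $0
        sub(/^[ \t]*ExecStart=[-@+!:]*/, "", line)     # systemd key and prefixes
        n = split(line, tok, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            base = tok[i]
            sub(/.*\//, "", base)                      # basename of this token
            if (base != "tomoyo-auditd") continue
            found = 1; args = ""; cnt = 0
            for (j = i + 1; j <= n; j++) {
                t = tok[j]
                if (t == "") continue
                # stop at shell separators, a closing test bracket, redirections
                if (t ~ /^(;|&|&&|\||\|\||\])$/ || t ~ /^[0-9]*[<>]/) break
                args = args (cnt++ ? " " : "") t
            }
            if (cnt == 0)
                print "OK      line " NR ": no arguments"
            else if (cnt == 1 && args ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$/)
                print "REMOTE  line " NR ": " args
            else { print "SUSPECT line " NR ": " args; bad = 1 }
            break
        }
    }
    END { if (!found) exit 2; exit bad + 0 }
    ' "$@"
}

# Constructed sample lines (not the real Mageia files), one per case.
demo_constructed_samples() {
    printf '%s\n' \
        '# constructed sample' \
        'ExecStart=/usr/sbin/tomoyo-auditd' \
        'ExecStart=/usr/sbin/tomoyo-auditd 192.0.2.10:7000' \
        '    daemon /usr/sbin/tomoyo-auditd --example-arg' |
        check_auditd_args || true
}
demo_constructed_samples
```

A SUSPECT line marks the place to compare against the usage message quoted in the journal; an argument passed through a shell variable is also reported as SUSPECT because the script cannot see its value.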
Claus Reheis
2014-03-13 21:03:40 UTC
Thank you so much, that did the trick! :)
No more errors in journalctl and /var/log/boot.log

I will inform the maintainer of Tomoyo Linux in the Mageia Project and
hope this gets fixed...

Thank you again for helping me so quickly and competently!

Greetings
_______________________________________________
tomoyo-users-en mailing list
tomoyo-users-en at lists.sourceforge.jp
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en