Ritesh,
// also CC-ed Tetsuo Handa, he is main developer of TOMOYO Linux.
Maybe, ccs-auditd is not related ccs-editpolicy problem.
Please Try;
# /usr/lib/ccs/tomoyo_init_policy.sh
in your TOMOYO enabled environemnts, and reboot it.
You can use ccs-editpolicy commands... could you?
// That is heuristic guess from my experience...
*** below are not ccs-editpolicy problems. ***
These are upstreams bug{,s}.
ccs-auditd(that is log collector of {grant,reject}_log in sysfs)
is not use in LSM ver. That is superfluous.
// See below, Kentaro Takeda (LSM version TOMOYO Linux's
// upstream dev team member) said in Japanese,
// "grant_log and reject_log does not exists 2.x series now".
//
http://sourceforge.jp/projects/tomoyo/lists/archive/dev/2007-August/000523.html
ccs-auditd({grant,reject}_log) features were not implemented for LSM,
root problem is another thing.
IMHO, we have 2 points,
1) ccs-auditd has programing bug, that cry
"Can't open /sys/kernel/security/tomoyo/grant_log for reading." eternaly.
This is bad behavior.
But, ccs-auditd and sysfs {grant,reject}_log are close set.
Notes: for some embeded environments(such as under 32MB memorys), the
*_log feature too big and rich.
So, ccstools can works without grant_log features....
2) ccs-tools is unfriendly for LSM TOMOYO, its upstream problem.
Current ccs-tools includes below stuffs:
- ccs-auditd, that is
- A lot of 1.6.x(non LSM version) documents.
- mixed and confusable settings.
They are misleading someone into confusion.
Now, I consult these ccstools(userland) problems to upstream authors.
Please wait sometimes..., and update packages when upstream commits. > henrich
Regards,
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
