[Precise] TOMOYO: Please turn off CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER option

Bug #952035 reported by Tetsuo Handa on 2012-03-11
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Leann Ogasawara

Bug Description

I tried to boot http://cdimage.ubuntu.com/daily-live/current/precise-desktop-i386.iso
with security=tomoyo kernel boot parameter. But it can't boot (kernel panic)
because kernel was built with CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y .

CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER option is meant for systems where
it is difficult to call /sbin/tomoyo-init upon execution of /sbin/init .
For desktop and servers, /sbin/tomoyo-init should be used for loading TOMOYO's
policy configuration. Therefore please change kernel configuration from

  CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y

to

  # CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set
  CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init"
  CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"

(which is by default chosen so).
---
AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.24.
AplayDevices: aplay: device_list:252: no soundcards found...
ApportVersion: 1.94.1-0ubuntu2
Architecture: i386
ArecordDevices: arecord: device_list:252: no soundcards found...
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/by-path', '/dev/snd/controlC0', '/dev/snd/pcmC0D0c', '/dev/snd/pcmC0D0p', '/dev/snd/pcmC0D1p', '/dev/snd/midiC0D0', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 not found.
DistroRelease: Ubuntu 12.04
HibernationDevice: RESUME=UUID=bee47962-4d01-4574-b1b2-a334e62e984c
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Alpha i386 (20120309)
IwConfig:
 lo no wireless extensions.

 eth0 no wireless extensions.
Lsusb:
 Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
 Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
 Bus 002 Device 002: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
MachineType: VMware, Inc. VMware Virtual Platform
Package: linux (not installed)
ProcEnviron:
 TERM=vt100
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcFB:

ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.2.0-18-generic-pae root=UUID=8a11adb6-254d-4dda-9164-0f3070b3f2d5 ro quiet splash vt.handoff=7
ProcVersionSignature: Ubuntu 3.2.0-18.28-generic-pae 3.2.9
PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: No PulseAudio daemon running, or not running as session daemon.
RelatedPackageVersions:
 linux-restricted-modules-3.2.0-18-generic-pae N/A
 linux-backports-modules-3.2.0-18-generic-pae N/A
 linux-firmware 1.71
RfKill:

Tags: precise
Uname: Linux 3.2.0-18-generic-pae i686
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo
dmi.bios.date: 08/15/2008
dmi.bios.vendor: Phoenix Technologies LTD
dmi.bios.version: 6.00
dmi.board.name: 440BX Desktop Reference Platform
dmi.board.vendor: Intel Corporation
dmi.board.version: None
dmi.chassis.asset.tag: No Asset Tag
dmi.chassis.type: 1
dmi.chassis.vendor: No Enclosure
dmi.chassis.version: N/A
dmi.modalias: dmi:bvnPhoenixTechnologiesLTD:bvr6.00:bd08/15/2008:svnVMware,Inc.:pnVMwareVirtualPlatform:pvrNone:rvnIntelCorporation:rn440BXDesktopReferencePlatform:rvrNone:cvnNoEnclosure:ct1:cvrN/A:
dmi.product.name: VMware Virtual Platform
dmi.product.version: None
dmi.sys.vendor: VMware, Inc.

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 952035

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
tags: added: precise

This is a kernel panic before /sbin/init starts.
Thus, apport-collect cannot be used.

Attached file is kernel log obtained using "security=tomoyo console=ttyS0,119200n8 console=tty".

Changed in linux (Ubuntu):
status: Incomplete → Confirmed

Thank you for taking the time to file a bug report on this issue.

However, given the number of bugs that the Kernel Team receives during any development cycle it is impossible for us to review them all. Therefore, we occasionally resort to using automated bots to request further testing. This is such a request.

We have noted that there is a newer version of the development kernel than the one you last tested when this issue was found. Please test again with the newer kernel and indicate in the bug if this issue still exists or not.

You can update to the latest development kernel by simply running the following commands in a terminal window:

    sudo apt-get update
    sudo apt-get upgrade

If the bug still exists, change the bug status from Incomplete to Confirmed. If the bug no longer exists, change the bug status from Incomplete to Fix Released.

If you want this bot to quit automatically requesting kernel tests, add a tag named: bot-stop-nagging.

 Thank you for your help, we really do appreciate it.

Changed in linux (Ubuntu):
status: Confirmed → Incomplete
tags: added: kernel-request-3.2.0-18.29

apport information

tags: added: apport-collected
description: updated

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

Changed in linux (Ubuntu):
status: Incomplete → Confirmed

I guess that the latest kernel config is http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-precise.git;f=debian.master/config/config.common.ubuntu;h=7ac2ddf7eb5cac9f2af0354fe05d9f2a06892333;hb=e9c4a165e75b9a308a10e5e0ae0a5956a46d9a6a ,
and it contains a line

  4605 CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y

so this bug is not yet fixed.

Changed in linux (Ubuntu):
importance: Undecided → Medium
Changed in linux (Ubuntu):
assignee: nobody → Leann Ogasawara (leannogasawara)
status: Confirmed → In Progress
Changed in linux (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.2.0-19.30

---------------
linux (3.2.0-19.30) precise; urgency=low

  [ Andy Whitcroft ]

  * [Config] Fix typeo in the Hyper-V module names

  [ Colin Watson ]

  * [Config] Move kernels to "Section: kernel"
    - LP: #499557

  [ John Johansen ]

  * SAUCE: AppArmor: Add ability to load extended policy
  * SAUCE: AppArmor: Add the ability to mediate mount
  * SAUCE: AppArmor: Add profile introspection file to interface
  * SAUCE: AppArmor: basic networking rules

  [ Leann Ogasawara ]

  * [Config] Disable CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
    - LP: #952035
  * Rebase to v3.2.10
  * [Config] Update configs after rebase to v3.2.10
  * Rebase to v3.2.11
  * [Config] Disable CONFIG_STUB_POULSBO
    - LP: #899244
  * [Config] Add CONFIG_DRM_PSB check to enforcer
    - LP: #899244

  [ Tim Gardner ]

  * [Config] Drop non-SMP powerpc

  [ Upstream Kernel Changes ]

  * net/hyperv: Use the built-in macro KBUILD_MODNAME for this driver
  * x86: Derandom delay_tsc for 64 bit
  * Bluetooth: Fix l2cap conn failures for ssp devices
    - LP: #872044
  * KVM: x86: extend "struct x86_emulate_ops" with "get_cpuid"
    - LP: #917842
    - CVE-2012-0045
  * KVM: x86: fix missing checks in syscall emulation
    - LP: #917842
    - CVE-2012-0045
  * rebase to v3.2.11
  * rebase to v3.2.10
 -- Leann Ogasawara <email address hidden> Fri, 16 Mar 2012 08:02:07 -0700

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers