Matthew Riley:
> I'm using Ubuntu 14.04, so 3.13 kernel.
Thanks.
But I've found ima, especially with the kernel parameter "ima_tcb" never
work on my system.
I am using
- debian
- sysvinit-utils pkg is installed
and
- boot with specifying "ima_tcb"
- sysvinit-utils contains /sbin/startpar ("start runlevel scripts in parallel")
- /sbin/startpar opens /etc/init.d/* with O_DIRECT (I don't know why
direct-io is necessary here)
- near the end of open(2), ima_file_check() is called. and then (roughly)
+ process_measurement()
+ ima_collect_measurement()
+ ima_calc_file_hash()
+ kernel_read()
:::
+ ext2_direct_IO()
:::
+ do_blockdev_direct_IO()
are called.
- in process_measurement(), ima aquires i_mutex. and
do_blockdev_direct_IO() tries aquiring the same i_mutex.
- deadlock happens.
In other words, O_DIRECT and IMA don't cowork, at least with "ima_tcb".
It surely cause a deadlock.
I think I need
- another test system,
- alternative to sysvinit-utils (since O_DIRECT in /sbin/startpar is the
trigger on my test system)
or
- I have to install another distribution (which doesn't use
/sbin/startpar)
Anyway it will take time. If you cannot wait the fix, I'd suggest you to
comment out security_mmap_file() call in aufs_mmap() since it may be
less important.
By the way, are you specifying "ima_tcb", or do you have a
config/customize file for ima? If you have, would you post the file
here?
J. R. Okajima
------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos. Get
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
