Jamie Nguyen wrote:
> The error is dmesg is:
> ERROR: Domain '<kernel> /sbin/modprobe' not defined.
>
> The "<kernel> /sbin/modprobe" does exist however.
Ah, I see. As of /sbin/modprobe is executed from initramfs/initrd,
profiles are not yet defined because /sbin/ccs-init is not yet called.
I think below patch will fix it.
--- a/security/ccsecurity/domain.c
+++ b/security/ccsecurity/domain.c
@@ -492,13 +492,14 @@ struct ccs_domain_info *ccs_assign_domai
/*
* Since namespace is created at runtime, profiles may
* not be created by the moment the process transits to
* that domain. Do not perform domain transition if
* profile for that domain is not yet created.
*/
- if (!entry->ns->profile_ptr[entry->profile])
+ if (ccs_policy_loaded &&
+ !entry->ns->profile_ptr[entry->profile])
return NULL;
security->ccs_domain_info = entry;
}
return entry;
}
/* Requested domain does not exist. */
_______________________________________________
tomoyo-users-en mailing list
[email protected]
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en
