Fwd: Re: kernel panic: MAC Initialization failed. (3)

* Fwd: Re: kernel panic: MAC Initialization failed. (3)
       [not found] <CACT4Y+bm4fSXLjR-JQ5nbVLsvFCLAH03yMG=-8mYpafLho-vRw@mail.gmail.com>
@ 2019-05-07 11:37 ` Tetsuo Handa
  0 siblings, 0 replies; only message in thread
From: Tetsuo Handa @ 2019-05-07 11:37 UTC (permalink / raw)
  To: James Morris; +Cc: linux-security-module

James, please include

  [PATCH] tomoyo: Don't emit WARNING: string while fuzzing testing.

before sending to linux.git .

Regards.

-------- Forwarded Message --------
From: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Date: Thu, May 2, 2019 at 2:16 AM
To: Dmitry Vyukov
Cc: syzbot

> The commit for avoiding this problem was sent to linux-next.git .
> Please add CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING=y into
> kernel configs with CONFIG_SECURITY_TOMOYO=y.
>
>
>
> By the way, does syzbot stop upon encountering any "WARNING" string?
> If yes, I guess I need to change
>
>   pr_warn("WARNING: Domain '%s' has too many ACLs to hold. Stopped learning mode.\n",
>
> string in security/tomoyo/util.c because
> CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING enables learning mode.

Yes, syzkaller detects all "WARNING:" strings as kernel bug. There
does not seem to be a better way to detect kernel bugs.
I've tried to enable the config, but all instances indeed immediately
detected as bugged:

2019/05/07 13:11:37 vm-10: crash: WARNING: Domain '<kernel> /sbin/init
/etc/init.d/rc /sbin/startpar /etc/init.d/ssh /sbin/start-stop-daemon
/usr/sbin/ssh [corrupted]

So we will need to wait until removal of the "WARNING:" messages
reaches linux-next.
Perhaps we may skip printing this warning if
CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING is set.

^ permalink raw reply	[flat|nested] only message in thread