Linux-Security-Module Archive on lore.kernel.org
 help / color / Atom feed
From: James Morris <jmorris@namei.org>
To: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: linux-security-module@vger.kernel.org,
	Dmitry Vyukov <dvyukov@google.com>,
	syzbot <syzbot+29569ed06425fcf67a95@syzkaller.appspotmail.com>,
	syzbot <syzbot+e1b8084e532b6ee7afab@syzkaller.appspotmail.com>
Subject: Re: [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
Date: Wed, 13 Mar 2019 08:24:00 +1100 (AEDT)
Message-ID: <alpine.LRH.2.21.1903130821250.2172@namei.org> (raw)
In-Reply-To: <5b69c819-eed4-1825-9e67-fff1206e9e3f@i-love.sakura.ne.jp>

On Wed, 13 Mar 2019, Tetsuo Handa wrote:

> > I don't understand the logic here. If the cause of this is no policy 
> > loaded combined with running out of memory, shouldn't the no-policy issue 
> > be dealt with earlier?
> > 
> 
> This patch is for automatically loading minimal policy at boot time
> in order to address the no-policy issue. By applying this patch, syzbot
> can test TOMOYO module without modifying userspace to load TOMOYO's policy
> when /sbin/init starts.

If syzbot is trying to test Tomoyo and this requires policy to be loaded, 
shouldn't it do that?

And again, I think the no-policy situation needs to be detected before 
you start trying to apply memory policies to running processes. Surely 
there is some much earlier point during initialization that you will 
detect that there is no policy?

-- 
James Morris
<jmorris@namei.org>


  reply index

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-02-28 14:06 Tetsuo Handa
2019-03-04 13:35 ` Tetsuo Handa
2019-03-04 14:34   ` Stephen Smalley
2019-03-04 23:59     ` Tetsuo Handa
2019-03-05  3:32       ` James Morris
2019-03-11 13:18         ` Tetsuo Handa
2019-03-12 17:19           ` James Morris
2019-03-12 21:15             ` Tetsuo Handa
2019-03-12 21:19               ` James Morris
2019-03-12 21:56               ` Edwin Zimmerman
2019-03-13 20:00                 ` James Morris
2019-03-12 18:21 ` James Morris
2019-03-12 20:56   ` Tetsuo Handa
2019-03-12 21:24     ` James Morris [this message]
2019-03-13 10:29       ` Tetsuo Handa
2019-03-13 13:17         ` Paul Moore
2019-03-25 21:09           ` Tetsuo Handa

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=alpine.LRH.2.21.1903130821250.2172@namei.org \
    --to=jmorris@namei.org \
    --cc=dvyukov@google.com \
    --cc=linux-security-module@vger.kernel.org \
    --cc=penguin-kernel@i-love.sakura.ne.jp \
    --cc=syzbot+29569ed06425fcf67a95@syzkaller.appspotmail.com \
    --cc=syzbot+e1b8084e532b6ee7afab@syzkaller.appspotmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-Security-Module Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-security-module/0 linux-security-module/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-security-module linux-security-module/ https://lore.kernel.org/linux-security-module \
		linux-security-module@vger.kernel.org
	public-inbox-index linux-security-module

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-security-module


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git