[tomoyo-users-en 692] Re: Policy changes are quickly reverted

Tetsuo Handa pengu****@I-lov*****
Tue Aug 15 08:56:28 JST 2017


Tetsuo Handa wrote:
> stank****@xoxy***** wrote:
> > On 08/13/2017 05:41 PM, Tetsuo Handa - 
> >  > After rebooting, is /sys/kernel/security/tomoyo/manager still empty?
> > 
> > Both /sys/kernel/security/tomoyo/manager and /etc/tomoyo/manager.conf 
> > are empty after running /usr/lib/tomoyo/init_policy and rebooting. 
> > (/etc/tomoyo/manager.conf is empty immediately after running 
> > init_policy.  No relevant output is in dmesg.)
> > 
> OK. So, for some reason /etc/tomoyo/manager.conf is empty. I'm surprised that
> init_policy failed to write to /etc/tomoyo/manager.conf . Anyway, you can try
> manually creating /etc/tomoyo/manager.conf with content shown below.
> 
> [root at localhost ~]# /usr/lib/tomoyo/init_policy
> Creating policy directory... OK
> Creating configuration directory... OK
> Creating exception policy... OK.
> Creating domain policy... OK.
> Creating manager policy... OK.
> Creating default profile... OK.
> Creating stat policy... OK.
> Creating configuration file for tomoyo-editpolicy ... OK.
> Creating configuration file for tomoyo-auditd ... OK.
> Creating configuration file for tomoyo-patternize ... OK.
> Creating configuration file for tomoyo-notifyd ... OK.
> [root at localhost ~]# cat /etc/tomoyo/manager.conf
> /usr/sbin/tomoyo-loadpolicy
> /usr/sbin/tomoyo-editpolicy
> /usr/sbin/tomoyo-setlevel
> /usr/sbin/tomoyo-setprofile
> /usr/sbin/tomoyo-queryd
> [root at localhost ~]# 

stank****@xoxy***** wrote:
> Yes, I see "<kernel> /usr/bin/agetty /usr/bin/login /usr/bin/bash /usr/bin/tomoyo-editpolicy ( /usr/bin/tomoyo-editpolicy ) is not permitted to update policies."

Oops, in your environment, they are installed in /usr/bin rather than /usr/sbin .
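
An added example, not part of the original message or of the TOMOYO tools: a shell function that compares each manager.conf entry with the symlink-resolved path of the installed binary, which is the /usr/sbin versus /usr/bin mismatch identified above. The function names, the report format, the optional root prefix, and the treatment of entries starting with "<" as domain names rather than pathnames are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit a TOMOYO manager policy file
# against the pathnames the installed tools really resolve to.
# Assumption: TOMOYO matches the symlink-resolved pathname, which is what the
# rejection message quoted above prints in parentheses.
# usage: check_manager_conf [conf] [root]   (root: test-only filesystem prefix)
# return: 0 all entries match, 1 at least one mismatch/missing, 2 empty file

resolve() {  # print the canonical path of $1 with $root stripped, or fail
    r=$(readlink -f "$root$1" 2>/dev/null) || return 1
    [ -f "$r" ] && [ -x "$r" ] || return 1
    r=${r#"$root"}
    printf '%s\n' "$r"
}

check_manager_conf() {
    conf=${1:-/etc/tomoyo/manager.conf}
    root=${2:+$(readlink -f "$2")}
    [ -s "$conf" ] || { echo "EMPTY $conf"; return 2; }
    status=0
    while IFS= read -r entry || [ -n "$entry" ]; do
        case $entry in
            '') continue ;;
            '<'*) echo "SKIP $entry"; continue ;;   # domainname, not a pathname
        esac
        real=$(resolve "$entry") || real=
        if [ "$real" = "$entry" ]; then
            echo "OK $entry"
            continue
        fi
        status=1
        # Not where the entry says: look for the same tool in the other bin dirs.
        for dir in /usr/bin /usr/sbin /bin /sbin; do
            [ -n "$real" ] && break
            real=$(resolve "$dir/${entry##*/}") || real=
        done
        if [ -n "$real" ]; then
            echo "MISMATCH $entry -> $real"
        else
            echo "MISSING $entry"
        fi
    done < "$conf"
    return "$status"
}
```

A MISMATCH line shows the pathname to put in manager.conf in place of the listed one; an entry that exists only through a /usr/sbin symlink is reported the same way as one installed in a different directory.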