Bug 2303689 - FutureFeature: Please enable TOMOYO Linux security module (#2)
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: rawhide
Hardware: All
OS: Linux
unspecified
low
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
Reported: 2024-08-08 14:08 UTC by Tetsuo Handa
Modified: 2024-12-17 09:46 UTC (History)
Last Closed: 2024-12-17 09:46:41 UTC

Description Tetsuo Handa 2024-08-08 14:08:17 UTC
Description of problem:
TOMOYO is not enabled in Fedora kernels.

Expected results:
Fedora kernels are built with CONFIG_SECURITY_TOMOYO=y .

Additional info:
TOMOYO was enabled in many distribution kernels, including CentOS plus kernels.
Since I heard no complaints caused by enabling TOMOYO, I believe that https://bugzilla.redhat.com/show_bug.cgi?id=542986#c8 was a needless anxiety.


Reproducible: Always

Comment 1 Ondrej Mosnáček 2024-10-16 10:32:14 UTC
Hi Tetsuo,

I agree that there should be no problem with enabling TOMOYO in Fedora kernels as it stands. For example, Landlock is already enabled in Fedora even if it remains disabled in RHEL. The final decision is up to the Fedora/ARK kernel maintainers (Justin Forbes and Patrick Talbert), but I don't think they will object.

The Fedora kernel is open for contributions at https://gitlab.com/cki-project/kernel-ark with the technicalities and process documented at https://cki-project.gitlab.io/kernel-ark/index.html. I'd suggest going ahead and opening a merge request to adjust the Fedora configs, which is likely to get a reaction from the maintainers faster. I think you should leave the CONFIG_LSM value unchanged, so that TOMOYO remains boot-time disabled by default (allowing users to override the lsm="..." boot param if they want to use TOMOYO), but perhaps a case can be made to enable it by default, even - not sure what the implications of that are with the current state of LSM infra and TOMOYO.

I believe the kernel-ark diff below should do the trick. (Though I only sanity-tested it with `make dist-srpm`, nothing more.)

diff --git a/redhat/configs/fedora/generic/CONFIG_DEFAULT_SECURITY_TOMOYO b/redhat/configs/fedora/generic/CONFIG_DEFAULT_SECURITY_TOMOYO
new file mode 100644
index 0000000000000..d263a1a61d450
--- /dev/null
+++ b/redhat/configs/fedora/generic/CONFIG_DEFAULT_SECURITY_TOMOYO
@@ -0,0 +1 @@
+# CONFIG_DEFAULT_SECURITY_TOMOYO is not set
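Review bot: the "+# CONFIG_DEFAULT_SECURITY_TOMOYO is not set" line only keeps TOMOYO out of the legacy default-LSM choice; it does not by itself document that CONFIG_LSM is left alone. Since nothing in this patch touches CONFIG_LSM, please say so in the commit message, so that readers know TOMOYO is built in but stays out of the default boot-time LSM list unless a user adds it via lsm=.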
diff --git a/redhat/configs/fedora/generic/CONFIG_SECURITY_TOMOYO b/redhat/configs/fedora/generic/CONFIG_SECURITY_TOMOYO
new file mode 100644
index 0000000000000..e6f51d95d4717
--- /dev/null
+++ b/redhat/configs/fedora/generic/CONFIG_SECURITY_TOMOYO
@@ -0,0 +1 @@
+CONFIG_SECURITY_TOMOYO=y
diff --git a/redhat/configs/fedora/generic/CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER b/redhat/configs/fedora/generic/CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER
new file mode 100644
index 0000000000000..3b16051a555f2
--- /dev/null
+++ b/redhat/configs/fedora/generic/CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER
@@ -0,0 +1 @@
+CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
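Review bot: CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init" hard-codes the path whose execution triggers policy loading, and nothing here shows it was checked against how Fedora actually starts init (the comment above says the diff was only sanity-tested with make dist-srpm). Please confirm on a booted Fedora image that this is the path that gets executed, or note in the commit message why this value was chosen.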
diff --git a/redhat/configs/fedora/generic/CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING b/redhat/configs/fedora/generic/CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING
new file mode 100644
index 0000000000000..92223fef7c44a
--- /dev/null
+++ b/redhat/configs/fedora/generic/CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING
@@ -0,0 +1 @@
+# CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING is not set
diff --git a/redhat/configs/fedora/generic/CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY b/redhat/configs/fedora/generic/CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY
new file mode 100644
index 0000000000000..bad144205fdbb
--- /dev/null
+++ b/redhat/configs/fedora/generic/CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY
@@ -0,0 +1 @@
+CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048
diff --git a/redhat/configs/fedora/generic/CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG b/redhat/configs/fedora/generic/CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG
new file mode 100644
index 0000000000000..30348b5801aa6
--- /dev/null
+++ b/redhat/configs/fedora/generic/CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG
@@ -0,0 +1 @@
+CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024
diff --git a/redhat/configs/fedora/generic/CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER b/redhat/configs/fedora/generic/CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
new file mode 100644
index 0000000000000..ca0f6f98f1719
--- /dev/null
+++ b/redhat/configs/fedora/generic/CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
@@ -0,0 +1 @@
+# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set
diff --git a/redhat/configs/fedora/generic/CONFIG_SECURITY_TOMOYO_POLICY_LOADER b/redhat/configs/fedora/generic/CONFIG_SECURITY_TOMOYO_POLICY_LOADER
new file mode 100644
index 0000000000000..03e6d66e76108
--- /dev/null
+++ b/redhat/configs/fedora/generic/CONFIG_SECURITY_TOMOYO_POLICY_LOADER
@@ -0,0 +1 @@
+CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init"
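Review bot: CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init" points at a userspace binary, and with CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER left unset the kernel is configured to rely on it. The patch does not say which Fedora package installs that file or what happens when it is absent; please state that in the commit message.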
diff --git a/redhat/configs/common/generic/CONFIG_SECURITY_TOMOYO b/redhat/configs/rhel/generic/CONFIG_SECURITY_TOMOYO
similarity index 100%
rename from redhat/configs/common/generic/CONFIG_SECURITY_TOMOYO
rename to redhat/configs/rhel/generic/CONFIG_SECURITY_TOMOYO
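Review bot: the rename at "rename from redhat/configs/common/generic/CONFIG_SECURITY_TOMOYO" moves the existing setting to rhel/ with similarity 100%, so its content is not visible in this diff, and only the top-level option is moved. Please confirm that the moved file still disables TOMOYO for RHEL and that no other config flavour was relying on the common/ entry; a line in the commit message noting that RHEL behaviour is unchanged would help.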

Comment 2 Tetsuo Handa 2024-12-17 09:46:41 UTC
Closing this bug, for TOMOYO LSM is now enabled in kernel-6.12.4-200.fc41.x86_64.rpm .

Thank you.
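
The distinction discussed in this report (TOMOYO built in via CONFIG_SECURITY_TOMOYO=y versus actually selected through CONFIG_LSM or the lsm= boot parameter) can be checked with a small script. This is an added example, not part of the bug report or of kernel-ark; the function names and the sample config contents are constructed, and it assumes only CONFIG_LSM and lsm= matter (the legacy security= parameter is ignored).

```shell
#!/bin/sh
# Added example: is TOMOYO only built in, or also in the boot-time LSM list?

# Succeeds when the kernel config file "$1" builds TOMOYO in.
tomoyo_built_in() {
    grep -q '^CONFIG_SECURITY_TOMOYO=y$' "$1"
}

# Prints the LSM list in effect for config "$1" and command line "$2":
# the value of lsm= if present, otherwise the CONFIG_LSM default.
effective_lsm_list() (
    set -f                      # no glob expansion while word-splitting
    list= seen=no
    for word in $2; do
        case $word in
            lsm=*) list=${word#lsm=}; seen=yes ;;   # a later lsm= replaces an earlier one
        esac
    done
    if [ "$seen" = yes ]; then
        printf '%s\n' "$list"
    else
        sed -n 's/^CONFIG_LSM="\(.*\)"$/\1/p' "$1"
    fi
)

# Prints one of: not-built, built-inactive, built-active.
tomoyo_state() {
    tomoyo_built_in "$1" || { echo not-built; return 0; }
    case ",$(effective_lsm_list "$1" "$2")," in
        *,tomoyo,*) echo built-active ;;
        *)          echo built-inactive ;;
    esac
}

# Constructed sample config (not Fedora's real CONFIG_LSM value).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat >"$sample" <<'EOF'
CONFIG_SECURITY_TOMOYO=y
CONFIG_LSM="lockdown,yama,integrity,selinux,bpf,landlock"
EOF

tomoyo_state "$sample" "ro quiet"
tomoyo_state "$sample" "ro quiet lsm=lockdown,yama,selinux,tomoyo"
```

On a running system, pass the installed kernel's config file and the contents of /proc/cmdline instead of the sample, and compare the result with the list in /sys/kernel/security/lsm.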

