UBUNTU: [Config] Disable CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
author Leann Ogasawara <leann.ogasawara@canonical.com>
Mon, 12 Mar 2012 21:00:23 +0000 (14:00 -0700)
committer Leann Ogasawara <leann.ogasawara@canonical.com>
Mon, 2 Apr 2012 20:22:29 +0000 (13:22 -0700)
BugLink: http://bugs.launchpad.net/bugs/952035

CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER option is meant for systems
where it is difficult to call /sbin/tomoyo-init upon execution of
/sbin/init. For desktops and servers, /sbin/tomoyo-init should be used
for loading TOMOYO's policy configuration. Therefore change the
following kernel configuration from

  CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y

to

  # CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set
  CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init"
  CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"

Without this change, booting with security=tomoyo results in a kernel
panic.

Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>

debian.master/config/config.common.ubuntu

index 7ac2ddf..12526d8 100644 (file)
@@ -4600,9 +4600,11 @@ CONFIG_SECURITY_SELINUX_DISABLE=y
 # CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set
 CONFIG_SECURITY_SMACK=y
 CONFIG_SECURITY_TOMOYO=y
+CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
 CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048
 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024
-CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y
+# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set
+CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init"
 CONFIG_SECURITY_YAMA=y
 CONFIG_SEEQ8005=m
 CONFIG_SELECT_MEMORY_MODEL=y
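
Review bot: The two added values, CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init" and CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init", make policy loading depend on a userspace binary, yet neither the hunk nor the commit message says what happens when booting with security=tomoyo on a system where /sbin/tomoyo-init is not installed. Because the change lands in config.common.ubuntu while the message justifies it only for desktops and servers, please name the package that provides /sbin/tomoyo-init in the message and confirm that no flavour built from the common config is one of the systems where calling it upon execution of /sbin/init is difficult. If one is, that flavour needs its own override that keeps CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y. A sentence on why the omit-loader setting panics would also help anyone reading this change later.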