BugLink: http://bugs.launchpad.net/bugs/952035
CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER option is meant for systems
where it is difficult to call /sbin/tomoyo-init upon execution of
/sbin/init. For desktops and servers, /sbin/tomoyo-init should be used
for loading TOMOYO's policy configuration. Therefore change the
following kernel configuration from
CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y
to
# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set
CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init"
CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
Without this change, booting with security=tomoyo results in a kernel
panic.
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
# CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set
CONFIG_SECURITY_SMACK=y
CONFIG_SECURITY_TOMOYO=y
+CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048
CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024
-CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y
+# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set
+CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init"
CONFIG_SECURITY_YAMA=y
CONFIG_SEEQ8005=m
CONFIG_SELECT_MEMORY_MODEL=y
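Review bot: The added CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init" line makes the policy load depend on a userspace binary at a fixed path, and the commit message does not say what provides that binary or what is expected to happen on a system booted with security=tomoyo where it is missing. Please document that dependency in the message. The same applies to CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init": state whether boots that start a different init path are expected to leave TOMOYO inactive. The message also reports the kernel panic without its cause. A sentence on why CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y panics here would let other configs carrying the same setting be checked, since only one config file is visible in this hunk.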