Ok, re-built activating with SELinux and it is not working either. My problem seems indeed to be my build process rather than anything relating to my code :(. However, it does not get me closer to understanding what I am doing wrong. Here is the security config for the build with SELinux on:
#
# Security options
#
CONFIG_KEYS=y
CONFIG_PERSISTENT_KEYRINGS=y
CONFIG_BIG_KEYS=y
# CONFIG_ENCRYPTED_KEYS is not set
CONFIG_KEYS_DEBUG_PROC_KEYS=y
# CONFIG_SECURITY_DMESG_RESTRICT is not set
CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_PATH=y
CONFIG_INTEL_TXT=y
CONFIG_LSM_MMAP_MIN_ADDR=65536
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
CONFIG_SECURITY_SELINUX_DISABLE=y
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX=y
CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE=19
# CONFIG_SECURITY_SMACK is not set
# CONFIG_SECURITY_TOMOYO is not set
# CONFIG_SECURITY_APPARMOR is not set
# CONFIG_SECURITY_YAMA is not set
# CONFIG_SECURITY_HELLOWORLD is not set
# CONFIG_IMA is not set
# CONFIG_EVM is not set
CONFIG_DEFAULT_SECURITY_SELINUX=y
# CONFIG_DEFAULT_SECURITY_DAC is not set
CONFIG_DEFAULT_SECURITY="selinux"
CONFIG_CRYPTO=y
Thanks a lot Dave for pointing in the right direction.
On 19 January 2015 at 00:29, Thomas F. J.-M. Pasquier <tfjmp2@xxxxxxxxx> wrote:
Thomas

Here is the security part of the .config:
#
# Security options
#
CONFIG_KEYS=y
CONFIG_PERSISTENT_KEYRINGS=y
CONFIG_BIG_KEYS=y
# CONFIG_ENCRYPTED_KEYS is not set
CONFIG_KEYS_DEBUG_PROC_KEYS=y
# CONFIG_SECURITY_DMESG_RESTRICT is not set
CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_PATH=y
CONFIG_INTEL_TXT=y
# CONFIG_SECURITY_SELINUX is not set
# CONFIG_SECURITY_SMACK is not set
# CONFIG_SECURITY_TOMOYO is not set
# CONFIG_SECURITY_APPARMOR is not set
# CONFIG_SECURITY_YAMA is not set
CONFIG_SECURITY_HELLOWORLD=y
# CONFIG_IMA is not set
# CONFIG_EVM is not set
CONFIG_DEFAULT_SECURITY_HELLOWORLD=y
# CONFIG_DEFAULT_SECURITY_DAC is not set
CONFIG_DEFAULT_SECURITY="helloworld"
CONFIG_CRYPTO=y

SELinux is not loading before my module. SELinux was working on the kernel that came with the distribution, did not try to build my kernel with it on. I will try to do so.

Thank you very much,

On 19 January 2015 at 00:20, Dave Tian <dave.jing.tian@xxxxxxxxx> wrote:

Did SELinux get loaded before your changes (Fedora uses SELinux by default)? Would you please post your security config? I still suspect that there was sth messed up in the config.

Thanks,
Dave
On Jan 18, 2015, at 7:09 PM, Thomas F. J.-M. Pasquier <tfjmp2@xxxxxxxxx> wrote:

No, other LSM. Checked in the config file. The only one selected is mine and it is set "Default Security Module" when using menuconfig.

On Mon Jan 19 2015 at 12:07:33 AM Tian Dave <dave.jing.tian@xxxxxxxxx> wrote:

Then which LSM was triggered? SELinux? You probably need to disable other LSM before making your LSM work.

Thanks,
Dave

2015-01-18 18:49 GMT-05:00 Thomas F. J.-M. Pasquier <tfjmp2@xxxxxxxxx>:

Hi everyone,

Kernel version 3.17.8

I am trying to build a skeleton LSM module, but I am not having much luck so far. The problem seems to be that the LSM init function is never called.

I am selecting my helloworld LSM when building the kernel and it is set as default (checked and re-checked in menuconfig + in the file).

The build is going fine (my module is built as I would expect). The rest of the building procedure goes fine. I reboot, the new image works just fine except my LSM is not in (nor any other, it seems, for that matter).

Here is the init function:

static __init int hw_init(void)
{
    /* avoid security registration races */
    if (!security_module_enable(&hw_ops)) {
        printk(KERN_INFO "hw: Disabled at boot.\n");
        return 0;
    }

    printk(KERN_INFO "hw: Initializing.\n");

    if (register_security(&hw_ops))
        panic("hw: Unable to register with kernel.\n");
    else
        printk(KERN_INFO "hw: registered with the kernel.\n");

    return 0;
}

security_initcall(hw_init);

I looked at how it was done in SELinux and the other security module and I don't seem to be doing things differently or incorrectly. I checked the log level just in case and that's not the issue either.

I am tempted to say the problem comes from my building procedure/configuration, rather than the module/code in itself (the dist on top of the kernel is fedora21). I have been at it for a while now and any help would be most welcomed.

Thank you in advance.

Regards,
Thomas

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
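
The thread turns on whether the "Security options" of the .config are consistent and whether they belong to the kernel that was actually booted. The script below is an added example, not code from any poster: it checks that the LSM named in CONFIG_DEFAULT_SECURITY is also built in, and compares the security lines of two config files. All function names are hypothetical and the sample config is constructed from the helloworld lines quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Value of CONFIG_DEFAULT_SECURITY with the quotes stripped.
lsm_default() {
    sed -n 's/^CONFIG_DEFAULT_SECURITY="\(.*\)"$/\1/p' "$1"
}

# Succeeds only if the default LSM named in the config is also built in.
lsm_config_check() {
    cfg=$1
    if ! grep -q '^CONFIG_SECURITY=y$' "$cfg"; then
        echo "CONFIG_SECURITY is not enabled"; return 1
    fi
    name=$(lsm_default "$cfg")
    if [ -z "$name" ]; then
        echo "no default LSM selected"; return 1
    fi
    upper=$(printf '%s' "$name" | tr '[:lower:]' '[:upper:]')
    if ! grep -q "^CONFIG_SECURITY_${upper}=y\$" "$cfg"; then
        echo "default is \"$name\" but CONFIG_SECURITY_${upper} is not =y"
        return 1
    fi
    echo "default LSM: $name (CONFIG_SECURITY_${upper}=y)"
}

# Security-related lines of a config, sorted so two files can be compared.
lsm_security_lines() {
    grep -E '^(# )?CONFIG_(DEFAULT_)?SECURITY' "$1" | sort
}

# Succeeds if two configs (e.g. build tree vs. booted kernel) agree on them.
lsm_config_same() {
    [ "$(lsm_security_lines "$1")" = "$(lsm_security_lines "$2")" ]
}

# Constructed sample: the helloworld-related lines from the quoted .config.
lsm_sample() {
    cat <<'EOF'
CONFIG_SECURITY=y
# CONFIG_SECURITY_SELINUX is not set
CONFIG_SECURITY_HELLOWORLD=y
CONFIG_DEFAULT_SECURITY_HELLOWORLD=y
CONFIG_DEFAULT_SECURITY="helloworld"
EOF
}

tmp=$(mktemp)
lsm_sample > "$tmp"
lsm_config_check "$tmp"
rm -f "$tmp"
```

To compare a build tree against the running system, pass lsm_config_same the build tree's .config and the config file of the kernel that was booted, if one was saved at install time.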