Mandatory Access Control not activated because /sbin/tomoyo-init does not exist?

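When I compile the Linux kernel to generate bzImage, create a rootfs with busybox, reboot the computer and run dmesg, I see an alert. My custom system has no tomoyo-init executable in /sbin, but my other computer, which has debian12 installed, is the same. What is going on here?

Some information from dmesg follows: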

...
[    5.881333] usb 1-4.4: Manufacturer: CoreChips
[    5.881334] usb 1-4.4: SerialNumber: 000000000012
[    5.994649] usb 1-8: new full-speed USB device number 13 using xhci_hcd
[    6.121406] usb 1-8: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice= 0.02
[    6.121409] usb 1-8: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[    6.121411] usb 1-8: Product: USB TO CANBUS BRIDGE
[    6.121412] usb 1-8: Manufacturer: FINTEK
[    6.121413] usb 1-8: SerialNumber: 88635600168801
[    6.129607] asix 1-1:1.0 enx000ec6942ec8: renamed from eth0
[    6.136120] asix 1-6:1.0 enx000ec6942ec9: renamed from eth1
[    6.421936] EXT4-fs (mmcblk0p3): mounted filesystem c77a9130-f6eb-4eb6-aa9a-b20f388ab0e6 r/w with ordered data mode. Quota mode: none.
[    6.464134] Not activating Mandatory Access Control as /sbin/tomoyo-init does not exist.
[    6.510129] dca service started, version 1.12.1
[    6.530192] pps_core: LinuxPPS API ver. 1 registered
[    6.530197] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <[email protected]>
[    6.547368] PTP clock support registered
[    6.630436] igb: Intel(R) Gigabit Ethernet Network Driver
[    6.630442] igb: Copyright (c) 2007-2014 Intel Corporation.
[    6.630496] igb 0000:01:00.0: enabling device (0000 -> 0002)
[    6.660066] pps pps0: new PPS source ptp0
[    6.660132] igb 0000:01:00.0: added PHC on eth0
[    6.660134] igb 0000:01:00.0: Intel(R) Gigabit Ethernet Network Connection
[    6.660136] igb 0000:01:00.0: eth0: (PCIe:2.5Gb/s:Width x1) 90:e4:68:02:01:40
[    6.660138] igb 0000:01:00.0: eth0: PBA No: FFFFFF-0FF
...

I saw someone online say this is related to grub.cfg. The grub.cfg of my custom system is as follows:

root@dobot:~# cat /boot/grub/grub.cfg
# Begin cfg
set default=0
set timeout=3

menuentry "GNU/Linux, Dobot-6.4.0-rt8" {
    linux (hd0,gpt2)/bzImage rw root=/dev/mmcblk0p3 net.ifname-policy=onboard,path,slot
    initrd (hd0,gpt2)/initrd.img-6.4.0-rt8
}

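Answer 1

This isn't an "alert"; it's just a message indicating that the TOMOYO Linux MAC subsystem isn't activated, because userspace activation is configured but /sbin/tomoyo-init isn't available.

See the relevant kernel configuration for details: it seems you have SECURITY_TOMOYO enabled, without SECURITY_TOMOYO_OMIT_USERSPACE_LOADER, and haven't provided the required userspace tools.

If you don't intend to use TOMOYO Linux, you should disable SECURITY_TOMOYO in your build configuration. If you are going to use it, you should provide the appropriate tools (the tomoyo-tools package in Debian) and configuration.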
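The check described in the answer can be run against a kernel `.config` and an unpacked root filesystem before booting. The script below is an added example, not part of the original answer. It assumes the loader path comes from the kernel's `CONFIG_SECURITY_TOMOYO_POLICY_LOADER` option (default `/sbin/tomoyo-init`), and the function names `cfg_value` and `tomoyo_state` are hypothetical.

```shell
#!/bin/sh
# Added example: predict whether a kernel build will activate TOMOYO at boot.
# Usage: sh tomoyo_state.sh KERNEL_CONFIG ROOTFS_DIR

# Print the value of one CONFIG_ option from a plain-text kernel .config.
# Prints nothing for "# CONFIG_X is not set" or a missing option.
cfg_value() {
    sed -n "s/^$2=//p" "$1" | tr -d '"' | head -n 1
}

# Classify the build: disabled, builtin-policy, loader-present or loader-missing.
tomoyo_state() {
    config=$1
    rootfs=$2

    # TOMOYO not compiled in: the dmesg line can never appear.
    if [ "$(cfg_value "$config" CONFIG_SECURITY_TOMOYO)" != "y" ]; then
        echo "disabled"
        return 0
    fi

    # Policy is built into the kernel image; no userspace loader is consulted.
    if [ "$(cfg_value "$config" CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER)" = "y" ]; then
        echo "builtin-policy"
        return 0
    fi

    # Userspace activation: the kernel looks for the loader binary at boot.
    loader=$(cfg_value "$config" CONFIG_SECURITY_TOMOYO_POLICY_LOADER)
    loader=${loader:-/sbin/tomoyo-init}   # assumed default when unset
    if [ -e "$rootfs$loader" ]; then
        echo "loader-present:$loader"
    else
        # This is the case that logs "Not activating Mandatory Access Control".
        echo "loader-missing:$loader"
    fi
}

if [ "$#" -eq 2 ]; then
    tomoyo_state "$1" "$2"
fi
```

A `loader-missing` result on a system that is meant to enforce TOMOYO policy means the MAC layer is silently inactive, so it is worth failing an image build on it.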
