[Pkg-sysvinit-devel] Bug#440709: Bug#440709: Bug#440709: Bug#440709: initscripts: Please mount securityfs
Henrique de Moraes Holschuh
hmh at debian.org
Fri Sep 7 12:29:12 UTC 2007

On Thu, 06 Sep 2007, Henrique de Moraes Holschuh wrote:
> On Tue, 04 Sep 2007, Michael Holzt wrote:
> > > 2.6.21 tpm driver doesn't seem to provide securityfs in a non-SE-Linux box.
> > > Does it depend on anything else than just loading tpm?
> >
> > I can't tell. I just observed that the code in drivers/char/tpm/tpm_bios.c
> > attempts to create some securityfs files in an exported function called
> > tpm_bios_log_setup. This function seems to be called from tpm.c if a real
> > tpm chip was found and setup by one of the tpm chipset drivers. So I guess
> > the files will only appear on a machine which contains a supported tpm
> > chip.
>
> Like my T43, where I don't even have a securityfs in the kernel, no matter
> what I do (and I do have a tpm, it is enabled, and the drivers are loaded).
> I must search more for this thing, apparently... probably I need to change
> some kconfig option.

Found it. I need to enable LSM, and the tpm_bios driver is the only thing
that can use securityfs in-tree (which means it could probably be made to
use something else). Not even SE-Linux appears to use securityfs, which is
worrisome: looks like something that could be dropped at any time.

Still, it wouldn't hurt much to add support for it in initscripts, as
AppArmor is not the only one which can use it. Patches welcome :-)

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
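
One way an init script could decide whether to mount securityfs, given the point in the message above that the filesystem exists only on kernels built with LSM support. This is an added example, not part of the original message or of Debian's initscripts; the function names and the /sys/kernel/security mount point are assumptions.

```shell
#!/bin/sh
# Added example: decide whether securityfs can and should be mounted.
# Paths are parameters so the logic can be exercised on constructed files.

SECURITYFS_DIR=/sys/kernel/security   # conventional mount point (assumption)

# Prints one of: unsupported | mounted | no-mountpoint | mount
securityfs_action() {
    filesystems=$1   # normally /proc/filesystems
    mounts=$2        # normally /proc/mounts
    dir=$3           # normally $SECURITYFS_DIR

    # /proc/filesystems lines are "nodev<TAB>name" or "<TAB>name".
    # securityfs is listed only when the kernel registers it (LSM enabled).
    if ! awk '$NF == "securityfs" { found = 1 } END { exit !found }' "$filesystems"; then
        echo unsupported; return 0
    fi
    # /proc/mounts fields: device mountpoint fstype options dump pass
    if awk -v d="$dir" '$2 == d && $3 == "securityfs" { found = 1 } END { exit !found }' "$mounts"; then
        echo mounted; return 0
    fi
    if [ ! -d "$dir" ]; then
        echo no-mountpoint; return 0
    fi
    echo mount
}

do_start() {
    case "$(securityfs_action /proc/filesystems /proc/mounts "$SECURITYFS_DIR")" in
        mount) mount -t securityfs -o nosuid,nodev,noexec securityfs "$SECURITYFS_DIR" ;;
        unsupported) echo "securityfs not supported by this kernel, skipping" >&2 ;;
        no-mountpoint) echo "$SECURITYFS_DIR missing, skipping" >&2 ;;
        mounted) : ;;
    esac
}

# Only act when invoked the way an init script is: "script start".
case "${1:-}" in
    start) do_start ;;
esac
```
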