Re: 2.6.36-rc7: kernel panic with SECURITY_TOMOYO=y

[Tetsuo Handa]

Jiri Kosina wrote: ( http://lkml.org/lkml/2010/8/11/80 )
> > The panic message was:
> > >  Profile %u (used by '%s') not defined.
> >
> > Profile 0 (used by '0') not defined.
> 
> Looking at the code ...
> 
>      void tomoyo_check_profile(void)
>      {
>              struct tomoyo_domain_info *domain;
>              const int idx = tomoyo_read_lock();
>              tomoyo_policy_loaded = true;
>              /* Check all profiles currently assigned to domains are defined. */
>              list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
>                      const u8 profile = domain->profile;
>                      if (tomoyo_profile_ptr[profile])
>                              continue;
>                      panic("Profile %u (used by '%s') not defined.\n",
>                            profile, domain->domainname->name);
>              }
>              tomoyo_read_unlock(idx);
>              if (tomoyo_profile_version != 20090903)
>                      panic("Profile version %u is not supported.\n",
>                            tomoyo_profile_version);
>              printk(KERN_INFO "TOMOYO: 2.3.0\n");
>              printk(KERN_INFO "Mandatory Access Control activated.\n");
>      }
> 
> makes one wonder whether not having up-to-date userspace really does
> qualify for unconditional kernel panic.

KOSAKI Motohiro wrote:
> Handa-san, please see this panic message again.
> 
> > Kernel panic - not syncing: Profile uersion 0 is not supported
> 
> Profile?
> This message doesn't have any information which should we look!
> And, 'profile' is wrong word. TOMOYO have to recommend to upgrade
> userland tools here at minimum.

I see. What about this?