Hello,
I noticed that securityfs is not automatically mounted to /sys/kernel/security on my system, and I want to use it for my TOMOYO setup. So I placed this line in my /etc/fstab:
securityfs /sys/kernel/security securityfs rw,relatime 0 0
However, at startup, I receive an error saying that I gave bad syntax or options. It suggests I check out the system log for any useful info. But there is nothing special listed there around the area where partitions are being remounted:
...
[ 9.768839] EXT4-fs (sda5): re-mounted. Opts: (null)
[ 9.815244] EXT4-fs (sda6): mounted filesystem with ordered data mode. Opts: stripe=4
[ 9.859178] scsi 7:0:0:0: Direct-Access SAMSUNG HD103SI PQ: 0 ANSI: 2 CCS
[ 9.860225] sd 7:0:0:0: [sdc] 1953525168 512-byte logical blocks: (1.00 TB/931 GiB)
[ 9.860931] sd 7:0:0:0: [sdc] Write Protect is off
[ 9.860935] sd 7:0:0:0: [sdc] Mode Sense: 28 00 00 00
[ 9.861771] sd 7:0:0:0: [sdc] No Caching mode page present
[ 9.861801] sd 7:0:0:0: [sdc] Assuming drive cache: write through
[ 9.864702] sd 7:0:0:0: [sdc] No Caching mode page present
[ 9.864791] sd 7:0:0:0: [sdc] Assuming drive cache: write through
[ 9.865511] sdc: sdc1
[ 9.868391] sd 7:0:0:0: [sdc] No Caching mode page present
[ 9.868480] sd 7:0:0:0: [sdc] Assuming drive cache: write through
[ 9.868566] sd 7:0:0:0: [sdc] Attached SCSI disk
[ 9.885457] EXT4-fs (sda7): mounted filesystem with ordered data mode. Opts: (null)
[ 9.927526] Adding 3905532k swap on /dev/sda8. Priority:-1 extents:1 across:3905532k
...
Even more, securityfs shows up in /etc/mtab like a champ, as if nothing bad had happened. It works just fine with all of the relevant TOMOYO commands, as well. Here is my mount output:
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
sys on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
dev on /dev type devtmpfs (rw,nosuid,relatime,size=1948936k,nr_inodes=487234,mode=755)
run on /run type tmpfs (rw,nosuid,nodev,relatime,mode=755)
/dev/sda5 on / type ext4 (rw,relatime,data=ordered)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
shm on /dev/shm type tmpfs (rw,nosuid,nodev,relatime)
/dev/sda6 on /boot type ext4 (rw,nosuid,nodev,noexec,relatime,stripe=4,data=ordered)
/dev/sda7 on /home type ext4 (rw,nosuid,nodev,relatime,data=ordered)
securityfs on /sys/kernel/security type securityfs (rw,relatime)
binfmt on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,relatime)
But errors on startup are less than ideal, and they are usually not for nothing. I assume there must be a cleaner way to take care of this other than fstab. I attempted to look into using initcpio (since it takes care of proc, sys, etc.), but I am starting to believe I shouldn't mess with that either.
Any thoughts?
Last edited by novembrine (2012-11-27 09:16:33)
Actually, if securityfs is enabled in the kernel, systemd mounts it for you.
http://cgit.freedesktop.org/systemd/sys … etup.c#n70
The fact that you're getting an error and it's still mounted.... Very likely that it's "relatime" which is the bad option.
Last edited by falconindy (2012-11-27 01:23:27)
No dice, unfortunately. I took out my line from fstab and then attempted the below.
I appended these two lines to /etc/default/grub and re-compiled:
CONFIG_SECURITY_TOMOYO=y
CONFIG_SECURITYFS=y
No errors, but it did not have the desired effect.
Furthermore, I tried putting back my fstab line with relatime removed, and I get the same error with the same seemingly positive result of a mounted securityfs:
/sys/kernel/security not mounted already, or bad option
mount exited with status 32
Am I putting in the wrong kernel boot parameters?
Last edited by novembrine (2012-11-27 03:57:17)
I have to disagree. I've never had any such warning text. I always thought that contents of my /proc/self/mounts match my /etc/mtab as much as they were intended to:
rootfs / rootfs rw 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sys /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
dev /dev devtmpfs rw,nosuid,relatime,size=1948936k,nr_inodes=487234,mode=755 0 0
run /run tmpfs rw,nosuid,nodev,relatime,mode=755 0 0
/dev/sda5 / ext4 rw,relatime,data=ordered 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
shm /dev/shm tmpfs rw,nosuid,nodev,relatime 0 0
/dev/sda6 /boot ext4 rw,nosuid,nodev,noexec,relatime,stripe=4,data=ordered 0 0
/dev/sda7 /home ext4 rw,nosuid,nodev,relatime,data=ordered 0 0
binfmt /proc/sys/fs/binfmt_misc binfmt_misc rw,relatime 0 0
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
sys on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
dev on /dev type devtmpfs (rw,nosuid,relatime,size=1948936k,nr_inodes=487234,mode=755)
run on /run type tmpfs (rw,nosuid,nodev,relatime,mode=755)
/dev/sda5 on / type ext4 (rw,relatime,data=ordered)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
shm on /dev/shm type tmpfs (rw,nosuid,nodev,relatime)
/dev/sda6 on /boot type ext4 (rw,nosuid,nodev,noexec,relatime,stripe=4,data=ordered)
/dev/sda7 on /home type ext4 (rw,nosuid,nodev,relatime,data=ordered)
binfmt on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,relatime)
rootfs is not shown for security reasons, I thought.
Do I need to re-compile my kernel? I was hoping to avoid that...
Last edited by novembrine (2012-11-27 04:42:20)
Uh, security reasons? I don't follow...
If that's your /proc/self/mounts, then you aren't actually booting with systemd. You would be seeing a large number of cgroup mounts and, among other things, securityfs would be mounted for you. example...
rootfs / rootfs rw 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sys /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
dev /dev devtmpfs rw,nosuid,relatime,size=6149824k,nr_inodes=1537456,mode=755 0 0
run /run tmpfs rw,nosuid,nodev,relatime,mode=755 0 0
/dev/sda2 / ext4 rw,noatime,discard,data=ordered 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
tmpfs /sys/fs/cgroup tmpfs rw,nosuid,nodev,noexec,mode=755 0 0
cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd 0 0
cgroup /sys/fs/cgroup/cpuset cgroup rw,nosuid,nodev,noexec,relatime,cpuset 0 0
cgroup /sys/fs/cgroup/cpu,cpuacct cgroup rw,nosuid,nodev,noexec,relatime,cpuacct,cpu 0 0
cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,relatime,memory 0 0
cgroup /sys/fs/cgroup/devices cgroup rw,nosuid,nodev,noexec,relatime,devices 0 0
cgroup /sys/fs/cgroup/freezer cgroup rw,nosuid,nodev,noexec,relatime,freezer 0 0
cgroup /sys/fs/cgroup/blkio cgroup rw,nosuid,nodev,noexec,relatime,blkio 0 0
cgroup /sys/fs/cgroup/perf_event cgroup rw,nosuid,nodev,noexec,relatime,perf_event 0 0
cgroup /sys/fs/cgroup/net_prio cgroup rw,nosuid,nodev,noexec,relatime,net_prio 0 0
cgroup /sys/fs/cgroup/hugetlb cgroup rw,nosuid,nodev,noexec,relatime,hugetlb 0 0
systemd-1 /proc/sys/fs/binfmt_misc autofs rw,relatime,fd=28,pgrp=1,timeout=300,minproto=5,maxproto=5,direct 0 0
systemd-1 /home autofs rw,relatime,fd=32,pgrp=1,timeout=300,minproto=5,maxproto=5,direct 0 0
systemd-1 /mnt/Gluttony autofs rw,relatime,fd=33,pgrp=1,timeout=300,minproto=5,maxproto=5,direct 0 0
systemd-1 /mnt/Haven autofs rw,relatime,fd=34,pgrp=1,timeout=300,minproto=5,maxproto=5,direct 0 0
hugetlbfs /dev/hugepages hugetlbfs rw,relatime 0 0
mqueue /dev/mqueue mqueue rw,relatime 0 0
debugfs /sys/kernel/debug debugfs rw,relatime 0 0
rpc_pipefs /var/lib/nfs/rpc_pipefs rpc_pipefs rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,size=512000k 0 0
/dev/sda1 /boot ext3 rw,nodev,noexec,noatime,data=ordered 0 0
/dev/sdb1 /home ext4 rw,relatime,data=ordered 0 0
/dev/sdb2 /mnt/Gluttony ext4 rw,nodev,noatime,data=ordered 0 0
/dev/sdc1 /mnt/Haven ext4 rw,nodev,noatime,data=ordered 0 0
/dev/sdc1 /srv/nfs/vmbin ext4 rw,nodev,noatime,data=ordered 0 0
/dev/sdc1 /srv/nfs/pkgs ext4 rw,nodev,noatime,data=ordered 0 0
nfsd /proc/fs/nfsd nfsd rw,relatime 0 0
binfmt_misc /proc/sys/fs/binfmt_misc binfmt_misc rw,relatime 0 0
Note that securityfs doesn't show up here because it's not in my kernel.
Last edited by falconindy (2012-11-27 05:59:17)
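The check described in the post above can be run against a mount table directly. This is an added example, not part of the original thread: the function names and verdict strings are made up here, the sample data is constructed, and the `name=systemd` test assumes the cgroup v1 layout shown in the listing above.

```shell
#!/bin/sh
# Added example: each function reads the file given as its argument (default: live kernel file).
# Kernel support: securityfs appears in /proc/filesystems when it is built in.
kernel_has_securityfs() {
    awk '$NF == "securityfs" { found = 1 } END { exit !found }' "${1:-/proc/filesystems}"
}

# Mounted: an entry of type securityfs at /sys/kernel/security.
securityfs_mounted() {
    awk '$3 == "securityfs" && $2 == "/sys/kernel/security" { found = 1 }
         END { exit !found }' "${1:-/proc/self/mounts}"
}

# systemd as init: a cgroup mount carrying name=systemd, as in the listing above.
# Assumption: cgroup v1 layout; a pure cgroup v2 host has no such line.
systemd_booted() {
    awk '$3 == "cgroup" && $4 ~ /(^|,)name=systemd(,|$)/ { found = 1 }
         END { exit !found }' "${1:-/proc/self/mounts}"
}

# Combine the three checks into one verdict string (hypothetical labels).
diagnose() {
    mounts=${1:-/proc/self/mounts}; fstypes=${2:-/proc/filesystems}
    if ! kernel_has_securityfs "$fstypes"; then echo "no-kernel-support"
    elif securityfs_mounted "$mounts"; then echo "mounted"
    elif systemd_booted "$mounts"; then echo "systemd-but-unmounted"
    else echo "not-systemd-unmounted"
    fi
}

# Constructed sample data, abridged from the kind of listings shown in the thread.
SAMPLES=$(mktemp -d)
printf 'nodev\tsysfs\nnodev\tsecurityfs\n\text4\n' > "$SAMPLES/filesystems"
cat > "$SAMPLES/sysvinit.mounts" <<'EOF'
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sys /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda5 / ext4 rw,relatime,data=ordered 0 0
EOF
cat > "$SAMPLES/systemd.mounts" <<'EOF'
sys /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0
cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,name=systemd 0 0
EOF
diagnose "$SAMPLES/sysvinit.mounts" "$SAMPLES/filesystems"   # -> not-systemd-unmounted
diagnose "$SAMPLES/systemd.mounts" "$SAMPLES/filesystems"    # -> mounted
```

Called with no arguments, `diagnose` reads the live `/proc/self/mounts` and `/proc/filesystems`.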
Uh, security reasons? I don't follow...
That was just me thinking aloud.
If that's your /proc/self/mounts, then you aren't actually booting with systemd. You would be seeing a large number of cgroup mounts and, among other things, securityfs would be mounted for you. example...
You are correct. Though I had systemd installed, I was not actually using it. Turns out my system is a couple of weeks older than the official switch.
Thanks! If my problem is fixed after I reboot and finish setting up, I will switch this to solved.