On 2018/08/19 15:28, Tetsuo Handa wrote:
>> Several types of attempts were made to mount securityfs, but then it was apparent that /sys/kernel/security does not exist:
>> # mount -t securityfs securityfs /sys/kernel/security
>> mount: /sys/kernel/security: mount point does not exist
>
> This message suggests that sysfs is not yet mounted on /sys/ . I have never tried Calculate Linux.
> But unless tomoyo-editpolicy is executed from a different namespace where /sys/ directory does not
> exist, /sbin/tomoyo-init should have already mounted sysfs on /sys/ . There are two possibilities:

Oops. I missed that /sbin/tomoyo-init unmounts /sys/ before tomoyo-init terminates if tomoyo-init mounted /sys/ .

>
> (1) /sys/ directory does not exist in a namespace where tomoyo-editpolicy is attempted.
>     Please check what "ls -l /sys/kernel/" says. The output should include security/
>     directory if sysfs was already mounted on /sys/ .
>
> (2) /sbin/tomoyo-init was not yet executed on reboot. Most likely cause is that
>     CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER is not correct for your environment.
>     Please check what "dmesg | grep -i tomoyo" says. If /sbin/tomoyo-init was executed
>     correctly, the output should include lines like
>
>     [ 0.012652] TOMOYO Linux initialized
>     [ 2.661662] Calling /sbin/tomoyo-init to load policy. Please wait.
>     [ 2.726489] TOMOYO: 2.5.0
>
>     If you can't find such lines, you can try TOMOYO_trigger= parameter for specifying
>     different triggers. According to a Wiki page, OpenRC uses init=/usr/bin/openrc-init or
>     init=/usr/bin/init-openrc instead of init=/sbin/init or init=/usr/libs/systemd/systemd .

Since /sys/ is unmounted by /sbin/tomoyo-init before real init program is called, sysfs won't be mounted on /sys/ unless real init program mounts it. But I wonder whether a recent system can boot without /sys/ ...

Anyway, I wait for result of "ls -l /sys/kernel/" and "dmesg | grep -i tomoyo" .
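
The two checks requested in the mail above (is sysfs mounted, and did the kernel call /sbin/tomoyo-init), combined into one triage function that works on a saved mount table and kernel log. This is an added example, not part of the original mail or of the TOMOYO tools; the function names, verdict strings and sample inputs are constructed for illustration, and reading a missing "TOMOYO Linux initialized" line as "TOMOYO not initialized" is an assumption.

```shell
#!/bin/sh
# Added example (not from the original mail): triage on captured data.
# On a live system: dmesg > dmesg.txt; diagnose_tomoyo /proc/mounts dmesg.txt

# Print one verdict for a mount table file and a kernel log file.
diagnose_tomoyo() {
    mounts=$1 klog=$2
    # /proc/mounts: field 2 is the mount point, field 3 the filesystem type.
    sysfs=$(awk '$2 == "/sys" && $3 == "sysfs" { f = 1 } END { print f + 0 }' "$mounts")
    secfs=$(awk '$2 == "/sys/kernel/security" && $3 == "securityfs" { f = 1 }
                 END { print f + 0 }' "$mounts")
    if ! grep -q 'TOMOYO Linux initialized' "$klog"; then
        echo "tomoyo-not-initialized"   # assumption: TOMOYO not enabled, or log rotated
    elif ! grep -q 'Calling /sbin/tomoyo-init' "$klog"; then
        echo "loader-not-triggered"     # possibility (2): check the activation trigger
    elif [ "$sysfs" -eq 0 ]; then
        echo "sysfs-not-mounted"        # loader ran, but /sys is absent afterwards
    elif [ "$secfs" -eq 0 ]; then
        echo "securityfs-not-mounted"   # /sys exists; securityfs still needs mounting
    else
        echo "ok"
    fi
}

# Constructed sample inputs (not captured from a real machine).
write_samples() {
    dir=$1
    printf '%s\n' '[ 0.012652] TOMOYO Linux initialized' \
        '[ 2.661662] Calling /sbin/tomoyo-init to load policy. Please wait.' \
        '[ 2.726489] TOMOYO: 2.5.0' > "$dir/dmesg.loaded"
    printf '%s\n' '[ 0.012652] TOMOYO Linux initialized' > "$dir/dmesg.notrigger"
    printf '%s\n' 'proc /proc proc rw 0 0' '/dev/sda1 / ext4 rw 0 0' > "$dir/mounts.nosys"
    printf '%s\n' 'proc /proc proc rw 0 0' 'sysfs /sys sysfs rw 0 0' > "$dir/mounts.sys"
    printf '%s\n' 'sysfs /sys sysfs rw 0 0' \
        'securityfs /sys/kernel/security securityfs rw 0 0' > "$dir/mounts.full"
}
```

The "sysfs-not-mounted" verdict with the loader lines present corresponds to the case described in the follow-up: /sbin/tomoyo-init ran and unmounted /sys/ again, and the real init program did not mount it.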