R: [rsbac] 1.1.2 softmode yet access denied

Alberto Guglielmo rsbac@rsbac.org
Sun Jun 23 10:01:02 2002

As you can see the forbidden object is "RSBAC-internal", in particular is
the directory in which rsbac (1.1.2) stores all his ACL etc.
There is no need to access directly these items, the backup_all utility
extracts all the stuff anyway via the proper utilities (in /usr/local/bin).
I never tried the backup_all_1.1.2 on 1.2.0 rsbac systems, so I don't know
if this "legal" error blocks the backup process, and as of today I'm unable
to try it (no more 1.1.2 systems to upgrade...), but Amon Ott will surely be
of help if so.
In the first lines of the utility (which is a shell-script) you can read

# Backup RSBAC attributes for upgrade from 1.1.2 to 1.2.0
# This script generates a backup of most RSBAC settings on stdout.
# It is intended to run with v1.1.2 admin tools under a RSBAC v1.1.2 kernel,
# and the restore must run with v1.2.0 admin tools under a v1.2.0 kernel.

Are you dumping attributes with a 1.1.2 kernel and 1.1.2 tools?
Hope this helps, at least a little....

Alberto Guglielmo
Key Fingerprint:7EAF 9E34 2838 7C6B EE47  E8F0 FFC5 3CBC 90AA 5EEE
PGP Keys at:

-----Messaggio originale-----
Da: rsbac-admin@rsbac.org [mailto:rsbac-admin@rsbac.org]Per conto di
Tony den Haan
Inviato: sabato 22 giugno 2002 20.55
A: rsbac@rsbac.org
Oggetto: [rsbac] 1.1.2 softmode yet access denied


i was trying to run backup before upgrading to 1.2.0, ran into:

Soft mode enabled via SysRq!

running backupscript as root:

rsbac_adf_request(): trial to access object declared RSBAC-internal!
opendir for dir //rsbac returned error: Operation not permitted
/usr/src/rsbac-admin-v1.2.0/src/scripts/backup_all_1.1.2: line 42: syntax
near unexpected token `|'
/usr/src/rsbac-admin-v1.2.0/src/scripts/backup_all_1.1.2: line 42: `  |
sed -e "s/role 64/type 4294967295/g" \'

cat /proc/rsbac-info/debug
RSBAC Debug Settings
rsbac_softmode is 1
rsbac_nosyslog is 0
rsbac_auth_enable_login is 0
rsbac_debug_write is 0
rsbac_debug_stack is 0
rsbac_debug_lists is 0
rsbac_debug_ds is 0
rsbac_debug_aef is 0
rsbac_debug_no_write is 0
rsbac_debug_reg is 0
rsbac_debug_ds_rc is 0
rsbac_debug_aef_rc is 0
rsbac_debug_adf_rc is 0
rsbac_debug_ds_auth is 0
rsbac_debug_aef_auth is 0
rsbac_debug_adf_auth is 0
rsbac_debug_ds_acl is 0
rsbac_debug_aef_acl is 0
rsbac_debug_adf_acl is 0
rsbac_debug_auto is 0

kernel version is 2.4.16

any ideas?


rsbac mailing list