[rsbac] modules at boottime

Tue Jun 3 13:34:55 MEST 2003

Amon Ott schrieb:

>On Tuesday, 3. June 2003 11:15, Torsten Becker wrote:
>  
>
>>Arkady A Drovosekov schrieb:
>>    
>>
>>>On Tue, Jun 03, 2003 at 12:55:55AM +0200, Torsten Becker wrote:
>>>      
>>>
>>>>I have a adamantix kernel with rsbac installed and get a lot of errors 
>>>>with the string rsbac_mount() while booting the kernel.
>>>>   
>>>>
>>>>        
>>>>
>>>what kind of errors?
>>>
>>>      
>>>
>>May 31 18:46:53 nc-adamantix kernel: rsbac_mount(): RSBAC not 
>>initialized while mounting DEV 01:00, delaying
>>May 31 18:46:53 nc-adamantix kernel: rsbac_mount(): RSBAC not 
>>initialized while mounting DEV 00:02, delaying
>>May 31 18:46:53 nc-adamantix kernel: rsbac_mount(): RSBAC not 
>>initialized while mounting DEV 00:02, delaying
>>May 31 18:46:53 nc-adamantix kernel: rsbac_mount(): RSBAC not 
>>initialized while mounting DEV 00:08, delaying
>>May 31 18:46:53 nc-adamantix kernel: rsbac_mount(): RSBAC initialization 
>>still delayed while mounting real DEV 03:09, forcing rsbac_init()
>>May 31 18:46:53 nc-adamantix kernel: do_umount() [sys_umount()]: umount 
>>failed -> calling rsbac_mount for Device 01:00
>>    
>>
>
>These are fine, they come from the delayed init in the adamantix kernel 
>config. Access control will start after forcing the init on the first real 
>device mount (03:09), all previously mounted devices will be rsbac_mounted on 
>the first access to them.
>
>  
>
>>>>My real problem is that the network cards (RLT8139c) will not be 
>>>>installed at boottime. After system is booted I can log on as root and 
>>>>insmod the modul 8139too.
>>>>   
>>>>
>>>>        
>>>>
>>>what in your /etc/modules?
>>>
>>>and what distribution do you use?
>>> 
>>>
>>>      
>>>
>>I use a Debian based distribution called Adamantix (former Trusteddebian).
>>They offer three kernels: one without rsbac one rsbac -soft and one 
>>rsbac -sec. (2.4.20)
>>They say that the kernels only differ in the rsbac settings. My nic's 
>>are automaticaly installed with the kernel without rsbac.
>>So I thought to have problems with the rsbac settings/restrictions.
>>    
>>
>
>Generally, if RSBAC denies anything, you will get a log message with the 
>reason for it.
>
>It is possible that you use the wrong initrd file. There are two different 
>ones for non-RSBAC and RSBAC kernels in adamantix, because RSBAC may change 
>module code and thus changes the kernel version string to use a different set 
>of modules. Please check your lilo.conf or grub setting for the initrd= 
>strings.
>
>Now, if you boot with the wrong initrd, the RSBAC kernel does not find the 
>module in /lib/modules/2.4.20-rsbac, because your initrd modules are in 
>/lib/modules/2.4.20.
>  
>
I checked the menu.lst of grub. It seems all to be allright. In the 
"automatic configuration" section I found two initrd settings.
One for the -soft kernel and one for the -sec kernel always right 
beneath the kernel settings. I found none for the kernel without rsbac.
Now, if I boot with the wrong initrd setting , would modprobe install me 
the modules?
If I have logged in the system I can do modprobe and the modules are 
installed. If I try to do insmod , I get errors. I think these errors 
come from the generall RC settings I read about!?

Perhaps I have to tell, that I only configured /bin/login , portmapper 
and sshd with rsbac_menu. I did nothing else so far.
Do I have to add some rules about modules or block-devices ?? I read 
something about a rule "add_to_kernel" , do I have to add this somewhere 
to get the kernel install the nic's??

Can you tell me the difference between -soft and -sec kernels of adamantix?

Torsten.