[rsbac] Problems upgrading from 1.2.0 to 1.2.2

Pontus Lidman pontus at lysator.liu.se
Tue Nov 18 20:48:42 CET 2003


Hello,

I have a working RSBAC 1.2.0 installation running on Linux kernel
2.4.18. I'd like to upgrade, so I compiled kernel 2.4.22 with RSBAC
1.2.2. When I boot this, it seems that the RC module is very reluctant
to allow some kinds of access, like this:

rsbac_adf_request(): request GET_STATUS_DATA, pid 173, ppid 1, prog_name rc, uid 0, target_type PROCESS, tid 173, attr , value 0, result NOT_GRANTED by RC
rsbac_adf_request(): request GET_STATUS_DATA, pid 191, ppid 185, prog_name nis, uid 0, target_type PROCESS, tid 191, attr , value 0, result NOT_GRANTED by RC
rsbac_adf_request(): request GET_STATUS_DATA, pid 193, ppid 185, prog_name setserial, uid 0, target_type PROCESS, tid 193, attr , value 0, result NOT_GRANTED by RC
rsbac_adf_request(): request GET_STATUS_DATA, pid 202, ppid 201, prog_name pidof, uid 0, target_type PROCESS, tid 1, attr , value 0, result NOT_GRANTED by RC
rsbac_adf_request(): request GET_STATUS_DATA, pid 231, ppid 230, prog_name start-stop-daem, uid 0, target_type PROCESS, tid 2, attr , value 0, result NOT_GRANTED by RC

These are just a few examples; it seems like no one is allowed to
GET_STATUS_DATA. If I boot back into 2.4.18+1.2.0, things work
smoothly again, so I don't think anything has been corrupted on disk.

RSBAC-related kernel configuration options I used follow below. I'm
grateful for any advice on how to upgrade successfully.

Regards,

Pontus

---8<----

CONFIG_RSBAC=y

#
# General RSBAC options
#
# CONFIG_RSBAC_INIT_THREAD is not set
CONFIG_RSBAC_PROC=y
CONFIG_RSBAC_INIT_CHECK=y
# CONFIG_RSBAC_NO_WRITE is not set
# CONFIG_RSBAC_MSDOS_WRITE is not set
CONFIG_RSBAC_AUTO_WRITE=2
# CONFIG_RSBAC_DEBUG is not set
CONFIG_RSBAC_DEV_USER_BACKUP=y
CONFIG_RSBAC_SECOFF_UID=400
# CONFIG_RSBAC_INIT_DELAY is not set
# CONFIG_RSBAC_MAINT is not set

#
# RSBAC networking options
#
# CONFIG_RSBAC_NET is not set

#
#  
#

#
# Decision module (policy) options
#
# CONFIG_RSBAC_REG is not set

#
#  
#
# CONFIG_RSBAC_MAC is not set
# CONFIG_RSBAC_FC is not set
# CONFIG_RSBAC_SIM is not set
# CONFIG_RSBAC_PM is not set
# CONFIG_RSBAC_MS is not set
# CONFIG_RSBAC_FF is not set
CONFIG_RSBAC_RC=y
CONFIG_RSBAC_RC_AUTH_PROT=y
CONFIG_RSBAC_RC_GEN_PROT=y
# CONFIG_RSBAC_RC_BACKUP is not set
CONFIG_RSBAC_RC_NR_P_LISTS=4
CONFIG_RSBAC_AUTH=y
CONFIG_RSBAC_AUTH_AUTH_PROT=y
# CONFIG_RSBAC_AUTH_DAC_OWNER is not set
CONFIG_RSBAC_ACL=y
CONFIG_RSBAC_ACL_SUPER_FILTER=y
CONFIG_RSBAC_ACL_AUTH_PROT=y
CONFIG_RSBAC_ACL_GEN_PROT=y
CONFIG_RSBAC_ACL_BACKUP=y
CONFIG_RSBAC_CAP=y
# CONFIG_RSBAC_CAP_PROC_HIDE is not set
CONFIG_RSBAC_CAP_AUTH_PROT=y
CONFIG_RSBAC_JAIL=y
# CONFIG_RSBAC_RES is not set

#
#  
#

#
# Softmode and switching
#
# CONFIG_RSBAC_SWITCH is not set
# CONFIG_RSBAC_SOFTMODE is not set

#
# Logging
#
# CONFIG_RSBAC_IND_LOG is not set
# CONFIG_RSBAC_IND_USER_LOG is not set
# CONFIG_RSBAC_IND_PROG_LOG is not set
# CONFIG_RSBAC_LOG_FULL_PATH is not set
# CONFIG_RSBAC_RMSG is not set

#
# Symlink redirection
#
# CONFIG_RSBAC_SYM_REDIR is not set

#
# Linux DAC
#
# CONFIG_RSBAC_ALLOW_DAC_DISABLE is not set

#
# Other options
#
# CONFIG_RSBAC_SECDEL is not set
# CONFIG_RSBAC_RW is not set
# CONFIG_RSBAC_IPC_SEM is not set
# CONFIG_RSBAC_DAC_OWNER is not set
# CONFIG_RSBAC_SYSLOG is not set
# CONFIG_RSBAC_DAT_VISIBLE is not set
# CONFIG_RSBAC_NO_DECISION_ON_NETMOUNT is not set
# CONFIG_RSBAC_USER_MOD_IOPERM is not set
# CONFIG_RSBAC_XSTATS is not set



-- 
Pontus Lidman, pontus at lysator.liu.se, Software Engineer
No matter how cynical you get, it's impossible to keep up.
Scene: www.dc-s.com | MUD: tyme.envy.com 6969 | irc: irc.quakenet.eu.org
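
Added example, not part of the original message and not RSBAC project code: a small Python triage script that rejoins console-wrapped rsbac_adf_request() lines like the ones quoted in the post and tallies the denials by deciding module, request and target type. The field layout is assumed from those five lines only, and the names parse and summarize are hypothetical; it expects raw console text without a per-line syslog prefix.

```python
import re
from collections import Counter

MARKER = "rsbac_adf_request(): "

# The five denials quoted in the post, in their 80-column wrapped form.
WRAPPED = """\
rsbac_adf_request(): request GET_STATUS_DATA, pid 173, ppid 1, prog_name rc, uid
 0, target_type PROCESS, tid 173, attr , value 0, result NOT_GRANTED by RC
rsbac_adf_request(): request GET_STATUS_DATA, pid 191, ppid 185, prog_name nis,
uid 0, target_type PROCESS, tid 191, attr , value 0, result NOT_GRANTED by RC
rsbac_adf_request(): request GET_STATUS_DATA, pid 193, ppid 185, prog_name setse
rial, uid 0, target_type PROCESS, tid 193, attr , value 0, result NOT_GRANTED by
 RC
rsbac_adf_request(): request GET_STATUS_DATA, pid 202, ppid 201, prog_name pidof
, uid 0, target_type PROCESS, tid 1, attr , value 0, result NOT_GRANTED by RC
rsbac_adf_request(): request GET_STATUS_DATA, pid 231, ppid 230, prog_name start
-stop-daem, uid 0, target_type PROCESS, tid 2, attr , value 0, result NOT_GRANTE
D by RC
"""

# Assumed field order (taken from the lines above); \s* absorbs wrap artefacts.
ENTRY = re.compile(
    r"request (?P<request>\w+),\s*pid (?P<pid>\d+),\s*ppid (?P<ppid>\d+),\s*"
    r"prog_name (?P<prog>[^,]*?)\s*,\s*uid\s*(?P<uid>\d+),\s*"
    r"target_type (?P<target_type>\w+),\s*tid (?P<tid>\d+),\s*"
    r"attr (?P<attr>[^,]*?)\s*,\s*value (?P<value>[^,]*?),\s*"
    r"result (?P<result>\w+) by (?P<module>\w+)"
)

def parse(text):
    """Undo the hard wrap, then split on the message prefix and parse each entry."""
    flat = text.replace("\r", "").replace("\n", "")
    matches = (ENTRY.match(chunk) for chunk in flat.split(MARKER)[1:])
    return [m.groupdict() for m in matches if m]

def summarize(entries):
    """Return (denials per (module, request, target_type), self-targeted count, programs)."""
    denied = [e for e in entries if e["result"] == "NOT_GRANTED"]
    by_rule = Counter((e["module"], e["request"], e["target_type"]) for e in denied)
    # A PROCESS target whose tid equals the caller's pid is a process asking about itself.
    on_self = sum(1 for e in denied
                  if e["target_type"] == "PROCESS" and e["pid"] == e["tid"])
    return by_rule, on_self, sorted({e["prog"] for e in denied})

if __name__ == "__main__":
    rules, on_self, progs = summarize(parse(WRAPPED))
    for (module, request, ttype), n in rules.most_common():
        print(f"{n} x {request} on {ttype} denied by {module}")
    print(f"{on_self} self-targeted; programs: {', '.join(progs)}")
```

On the quoted lines this groups all five denials under one (RC, GET_STATUS_DATA, PROCESS) bucket and shows that three of them are processes querying themselves, while two target other processes (tid 1 and tid 2).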


