[rsbac] Losing settings at reboot
Amon Ott
ao at rsbac.org
Tue Oct 7 12:00:19 MEST 2003
On Wednesday 01 October 2003 21:04, Samuli Kärkkäinen wrote:
> On Sat, Sep 27, 2003 at 09:24:01PM +0200, Amon Ott wrote:
> > You can check whether the lists have been saved if you look at the dirty flags
> > in /proc/rsbac-info/gen-lists. Please also have a closer look if you get
> > error messages about read problems during RSBAC init.
>
> My shutdowns are partially dirty as the system can't figure out how to
> unmount my cryptoloop filesystem upon shutdown. That is likely the cause for
> rsbac saying "rsbac_do_init(): Forcing consistency check." at boot.
This is forced by a kernel config option, not by the dirty flags - if writing
to disk fails, even the dirty flags would not make it there.
> /proc/rsbac-info/gen_lists shows no dirty lists though.
That is the main info.
> After the boot before the latest one secoff had incorrect default role of a
> normal user. I didn't touch that setting, yet at the latest boot, it had the
> proper security officer default role again. Seems strangely
> nondeterministic.
>
> The rsbac messages at boot seem quite normal, except that I'm not sure if
> the following lines are supposed to be there:
>
> kernel: rsbac_do_init(): USER AUTH ACI could not be read - generating standard entries!
> kernel: rsbac_do_init(): USER JAIL ACI could not be read - generating standard entries!
It just means you have not changed anything in these lists, so they get
recreated after boot. If you have, there is a real problem with flushing
lists to disk!
> But I'll fix the dirty shutdown issue before drawing any further
> conclusions.
OK, please keep us informed.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22