[rsbac] Losing settings at reboot

Amon Ott ao at rsbac.org
Tue Oct 7 12:00:19 MEST 2003


On Wednesday 01 October 2003 21:04, Samuli Kärkkäinen wrote:
> On Sat, Sep 27, 2003 at 09:24:01PM +0200, Amon Ott wrote:
> > You can check whether the lists have been saved if you look at the dirty flags
> > in /proc/rsbac-info/gen-lists. Please also have a closer look if you get
> > error messages about read problems during RSBAC init.
> 
> My shutdowns are partially dirty as the system can't figure out how to
> unmount my cryptoloop filesystem upon shutdown. That is likely the cause for
> rsbac saying "rsbac_do_init(): Forcing consistency check." at boot.

This is forced by a kernel config option, not by the dirty flags - if writing 
to disk fails, even the dirty flags would not make it there.

> /proc/rsbac-info/gen_lists shows no dirty lists though.

That is the main info.
 
> After the boot before the latest one secoff had incorrect default role of a
> normal user. I didn't touch that setting, yet at the latest boot, it had the
> proper security officer default role again. Seems strangely
> nondeterministic.
> 
> The rsbac messages at boot seem quite normal, except that I'm not sure if
> the following lines are supposed to be there:
> 
> kernel: rsbac_do_init(): USER AUTH ACI could not be read - generating standard entries!
> kernel: rsbac_do_init(): USER JAIL ACI could not be read - generating standard entries!

It just means you have not changed anything in these lists, so they get 
recreated after boot. If you have, there is a real problem with flushing 
lists to disk!
 
> But I'll fix the dirty shutdown issue before drawing any further
> conclusions.

OK, please keep us informed.

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
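
The triage rule from this reply, as an added example that is not part of the original message or of RSBAC: a list regenerated at boot is harmless if it was never changed, and indicates a flush-to-disk problem if it was. The `changed_lists` input and the sample log lines are assumptions, constructed from the kernel messages quoted in the thread.

```python
import re

# Message formats are taken from the kernel lines quoted in this thread.
REGEN = re.compile(
    r"rsbac_do_init\(\): (\w+) (\w+) ACI could not be read - generating"
)
FORCED = "rsbac_do_init(): Forcing consistency check."


def triage_boot_log(lines, changed_lists):
    """Classify RSBAC init messages from a boot log.

    changed_lists is a set of (target, module) pairs the administrator knows
    were modified before the reboot (hypothetical input, e.g. {("USER", "AUTH")}).
    """
    report = {"forced_check": False, "expected": [], "lost": []}
    for line in lines:
        if FORCED in line:
            # Reported separately: per the reply this comes from a kernel
            # config option and says nothing about whether lists were saved.
            report["forced_check"] = True
            continue
        m = REGEN.search(line)
        if not m:
            continue
        key = (m.group(1), m.group(2))
        # Regenerated but previously modified means the settings did not
        # reach the disk; regenerated and never modified is normal.
        bucket = "lost" if key in changed_lists else "expected"
        report[bucket].append(key)
    return report


# Constructed sample log (timestamps and host name are made up).
SAMPLE = [
    "Oct  7 11:58:01 host kernel: rsbac_do_init(): Forcing consistency check.",
    "Oct  7 11:58:01 host kernel: rsbac_do_init(): USER AUTH ACI could not be read - generating standard entries!",
    "Oct  7 11:58:01 host kernel: rsbac_do_init(): USER JAIL ACI could not be read - generating standard entries!",
    "Oct  7 11:58:02 host kernel: unrelated message",
]

if __name__ == "__main__":
    result = triage_boot_log(SAMPLE, changed_lists={("USER", "AUTH")})
    for target, module in result["lost"]:
        print(f"{target} {module}: modified before reboot but regenerated")
    for target, module in result["expected"]:
        print(f"{target} {module}: regenerated, never modified (normal)")
```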

