[rsbac] Boot problem with RSBAC

Patrique Wolfrum Patrique.Wolfrum at vwl.uni-freiburg.de
Fri Oct 17 12:23:01 MEST 2003


Hello,

I have the following problem, which often occurs when the server is 
restarted or sometimes after kernel recompilations:

rsbac_init(): Started rsbacd thread with pid 16
rsbac_init(): Ready
VFS: Mounted root (ext 3 filesystem) read only.
rsbac_init(): rsbac already initialized
Freeing unused kernel memory: 136k freed
INIT: version 2.82 booting
rsbac_get_attr(): auto-mounting device 00:05
rsbac_acl_get_single_right(): Could not lookup device !
rsbac_acl_check_right(): rsbac_acl_get_single_right() returned error 
RSBAC_EINVALIDDEV !
rsbac_adf_request(): request CLOSE, pid 19, ppid 18, prog_name boot, uid 
0, target_type FIFO, tid Device 00:05 Inode 22 pipe:[22], attr, value 
0, result NOT_GRANTED by ACL
filp_close() [sys_close]: ADF-call returned NOT GRANTED

I use SUSE 8.2 as distribution, installed on a RAID-5 consisting of 3 
146 GB SCSI-320 drives. The RAID-5 controller is a ServeRaid 5i from 
IBM, which is correctly recognized by Suse. The mounting-table looks 
like this:

/dev/sda12 on / type ext3 (rw)
proc on /proc type proc (rw)
devpts on /dev/pts type devpts (rw,mode=0620,gid=5)
/dev/sda1 on /boot type ext3 (rw)
/dev/sda8 on /home type ext3 (rw)
/dev/sda7 on /opt type ext3 (rw)
/dev/sda5 on /server type ext3 (rw)
/dev/sda9 on /src type ext3 (rw)
/dev/sda6 on /usr type ext3 (rw)
/dev/sda10 on /var type ext3 (rw)
shmfs on /dev/shm type shm (rw)

For RSBAC I use a prepatched kernel (2.4.21 - RSBAC 1.22), where RSBAC 
is configured in the following way:

#
# General RSBAC options
#
CONFIG_RSBAC_INIT_THREAD=y
CONFIG_RSBAC_MAX_INIT_TIME=60
CONFIG_RSBAC_PROC=y
CONFIG_RSBAC_INIT_CHECK=y
# CONFIG_RSBAC_NO_WRITE is not set
# CONFIG_RSBAC_MSDOS_WRITE is not set
CONFIG_RSBAC_AUTO_WRITE=5
CONFIG_RSBAC_DEBUG=y
CONFIG_RSBAC_DEV_USER_BACKUP=y
CONFIG_RSBAC_SECOFF_UID=xxx
CONFIG_RSBAC_INIT_DELAY=y
# CONFIG_RSBAC_MAINT is not set

#
# RSBAC networking options
#
CONFIG_RSBAC_NET=y
CONFIG_RSBAC_NET_DEV=y
# CONFIG_RSBAC_NET_DEV_VIRT is not set
CONFIG_RSBAC_IND_NETDEV_LOG=y
CONFIG_RSBAC_NET_OBJ=y
# CONFIG_RSBAC_NET_OBJ_UNIX is not set
# CONFIG_RSBAC_NET_OBJ_RW is not set
CONFIG_RSBAC_IND_NETOBJ_LOG=y

#
# Decision module (policy) options
#
CONFIG_RSBAC_REG=y
CONFIG_RSBAC_REG_SAMPLES=y
# CONFIG_RSBAC_MAC is not set
# CONFIG_RSBAC_FC is not set
# CONFIG_RSBAC_SIM is not set
# CONFIG_RSBAC_PM is not set
# CONFIG_RSBAC_MS is not set
CONFIG_RSBAC_FF=y
CONFIG_RSBAC_FF_AUTH_PROT=y
CONFIG_RSBAC_FF_GEN_PROT=y
CONFIG_RSBAC_RC=y
CONFIG_RSBAC_RC_AUTH_PROT=y
CONFIG_RSBAC_RC_GEN_PROT=y
CONFIG_RSBAC_RC_BACKUP=y
CONFIG_RSBAC_RC_NET_DEV_PROT=y
CONFIG_RSBAC_RC_NET_OBJ_PROT=y
CONFIG_RSBAC_RC_NR_P_LISTS=4
CONFIG_RSBAC_AUTH=y
CONFIG_RSBAC_AUTH_AUTH_PROT=y
# CONFIG_RSBAC_AUTH_DAC_OWNER is not set
CONFIG_RSBAC_ACL=y
# CONFIG_RSBAC_ACL_SUPER_FILTER is not set
CONFIG_RSBAC_ACL_AUTH_PROT=y
CONFIG_RSBAC_ACL_GEN_PROT=y
CONFIG_RSBAC_ACL_BACKUP=y
CONFIG_RSBAC_ACL_NET_DEV_PROT=y
CONFIG_RSBAC_ACL_NET_OBJ_PROT=y
CONFIG_RSBAC_CAP=y
# CONFIG_RSBAC_CAP_PROC_HIDE is not set
CONFIG_RSBAC_CAP_AUTH_PROT=y
CONFIG_RSBAC_JAIL=y
CONFIG_RSBAC_JAIL_NET_ADJUST=y
CONFIG_RSBAC_JAIL_NET_DEV_PROT=y
# CONFIG_RSBAC_RES is not set

#
# Softmode and switching
#
CONFIG_RSBAC_SWITCH=y
CONFIG_RSBAC_SOFTMODE=y
# CONFIG_RSBAC_SOFTMODE_SYSRQ is not set
CONFIG_RSBAC_SOFTMODE_IND=y

#
# Logging
#
CONFIG_RSBAC_IND_LOG=y
CONFIG_RSBAC_IND_USER_LOG=y
CONFIG_RSBAC_IND_PROG_LOG=y
CONFIG_RSBAC_LOG_FULL_PATH=y
CONFIG_RSBAC_MAX_PATH_LEN=1024
CONFIG_RSBAC_RMSG=y
# CONFIG_RSBAC_RMSG_EXCL is not set
# CONFIG_RSBAC_RMSG_NOSYSLOG is not set
# CONFIG_RSBAC_LOG_REMOTE is not set

#
# Symlink redirection
#
# CONFIG_RSBAC_SYM_REDIR is not set

#
# Linux DAC
#
# CONFIG_RSBAC_ALLOW_DAC_DISABLE is not set

#
# Other options
#
CONFIG_RSBAC_SECDEL=y
# CONFIG_RSBAC_RW is not set
# CONFIG_RSBAC_IPC_SEM is not set
# CONFIG_RSBAC_DAC_OWNER is not set
# CONFIG_RSBAC_SYSLOG is not set
# CONFIG_RSBAC_DAT_VISIBLE is not set
# CONFIG_RSBAC_NO_DECISION_ON_NETMOUNT is not set
CONFIG_RSBAC_USER_MOD_IOPERM=y
CONFIG_RSBAC_XSTATS=y

Could someone please give me a hint as to what causes the 
above-mentioned behaviour?

Thank you very much in advance.

With best regards.
    Patrique Wolfrum
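
Added example, not part of the original post and not RSBAC's own tooling: a small Python triage script that rejoins the wrapped console lines quoted above, parses each `rsbac_adf_request()` record, and pairs every NOT_GRANTED decision with the `RSBAC_E*` error codes logged just before it. The function names `unwrap` and `denials` are hypothetical, and the record layout is assumed to be exactly the one shown in the post.

```python
import re

# Constructed sample: the console lines from the post, wrapped as in the e-mail.
SAMPLE = """\
rsbac_get_attr(): auto-mounting device 00:05
rsbac_acl_get_single_right(): Could not lookup device !
rsbac_acl_check_right(): rsbac_acl_get_single_right() returned error
RSBAC_EINVALIDDEV !
rsbac_adf_request(): request CLOSE, pid 19, ppid 18, prog_name boot, uid
0, target_type FIFO, tid Device 00:05 Inode 22 pipe:[22], attr, value
0, result NOT_GRANTED by ACL
filp_close() [sys_close]: ADF-call returned NOT GRANTED
"""

# Heuristic (assumption): a record starts with "func():", "func() [ctx]:" or an
# upper-case tag such as "VFS: "; any other line continues the previous record.
RECORD_START = re.compile(r"^(?:\w+\(\)(?: \[\w+\])?:|[A-Z]+: )")
ERROR = re.compile(r"returned error (RSBAC_E\w+)")
ADF = re.compile(
    r"rsbac_adf_request\(\): request (?P<request>\w+), pid (?P<pid>\d+), "
    r"ppid (?P<ppid>\d+), prog_name (?P<prog>\S+), uid (?P<uid>\d+), "
    r"target_type (?P<target_type>\w+), tid (?P<tid>.*?), attr.*?, "
    r"result (?P<result>\w+) by (?P<modules>.+)$")

def unwrap(text):
    """Rejoin mail-wrapped lines into one string per log record."""
    records = []
    for line in filter(str.strip, text.splitlines()):
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def denials(text):
    """Return NOT_GRANTED decisions with the error codes that preceded them."""
    out, pending = [], []
    for rec in unwrap(text):
        pending.extend(ERROR.findall(rec))
        m = ADF.search(rec)
        if not m:
            continue
        d = m.groupdict()
        if d["result"] == "NOT_GRANTED":
            dev = re.search(r"Device (\S+)", d["tid"])
            d.update(device=dev.group(1) if dev else None, errors_before=pending)
            out.append(d)
        pending = []  # errors belong to the decision that follows them
    return out
```

A denial whose `errors_before` list is non-empty was logged right after a failed lookup, which separates it from a decision that carries no preceding error.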


