[rsbac] Upgrading from 1.2.2 to 1.2.3
Amon Ott
ao at rsbac.org
Mon Aug 9 17:11:27 CEST 2004
On Montag, 9. August 2004 16:42, Patrique Wolfrum wrote:
> before upgrading my working RSBAC 1.2.2 installation to 1.2.3, I
would
> like to ask, if the existing rules need to be changed in order to
work
> with 1.2.3 or does 1.2.3 work as 1.2.2 and I can activate the new
> features (like the "boot role") at a later time without problems ?
> (Since I administrate a server at the local university, which is
used by
> all chairs at the faculty, so I am very interested in knowing that
> before the upgrade ;-))
If no role is marked as boot role, the system boots with root's role
as before. The new type (default no. 999999) for kernel threads might
need some right adjustments, but the system should work fine.
The rsbac_jail command syntax has changed, and the jail has become
tighter. So in some jail cases, you will have to grant more
privileges with extra switches.
Generally, I recommend to enable softmode in RSBAC kernel config and
boot with softmode on the first boot. If you want to be sure that you
can easily return to the previous kernel, use rsbac_debug_no_write
kernel parameter for the first boot.
When the system runs fine with the new version, you can rebuild the
kernel without softmode.
I am sorry that I cannot give you more precise help - I updated some
systems a few weeks ago, but did not take notes on what did not work.
As far as I remember, there were no real problems. The only thing
that has been reported as being nasty is related to initrd, where the
linuxrc always runs with role 0 instead of root's or the boot role.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
-------------- nächster Teil --------------
Ein Dateianhang mit Bin?rdaten wurde geschreddert...
Dateiname : nicht verf?gbar
Dateityp : application/pgp-signature
Dateigr??e : 189 bytes
Beschreibung: signature
URL : http://www.rsbac.org/pipermail/rsbac/attachments/20040809/bf80d3fe/attachment.bin
More information about the rsbac
mailing list