[rsbac] Upgrading from 1.2.2 to 1.2.3

[Amon Ott]

On Montag, 9. August 2004 16:42, Patrique Wolfrum wrote:
> before upgrading my working RSBAC 1.2.2 installation to 1.2.3, I 
would 
> like to ask, if the existing rules need to be changed in order to 
work 
> with 1.2.3 or does 1.2.3 work as 1.2.2 and I can activate the new 
> features (like the "boot role") at a later time without problems ?
> (Since I administrate a server at the local university, which is 
used by 
> all chairs at the faculty, so I am very interested in knowing that 
> before the upgrade ;-))

If no role is marked as boot role, the system boots with root's role 
as before. The new type (default no. 999999) for kernel threads might 
need some right adjustments, but the system should work fine.

The rsbac_jail command syntax has changed, and the jail has become 
tighter. So in some jail cases, you will have to grant more 
privileges with extra switches.

Generally, I recommend to enable softmode in RSBAC kernel config and 
boot with softmode on the first boot. If you want to be sure that you 
can easily return to the previous kernel, use rsbac_debug_no_write 
kernel parameter for the first boot.

When the system runs fine with the new version, you can rebuild the 
kernel without softmode.

I am sorry that I cannot give you more precise help - I updated some 
systems a few weeks ago, but did not take notes on what did not work.  
As far as I remember, there were no real problems. The only thing 
that has been reported as being nasty is related to initrd, where the 
linuxrc always runs with role 0 instead of root's or the boot role.

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
-------------- nächster Teil --------------
Ein Dateianhang mit Bin?rdaten wurde geschreddert...
Dateiname   : nicht verf?gbar
Dateityp    : application/pgp-signature
Dateigr??e  : 189 bytes
Beschreibung: signature
URL         : http://www.rsbac.org/pipermail/rsbac/attachments/20040809/bf80d3fe/attachment.bin