[rsbac] Kernel 2.4.27 + RSBAC 1.2.3 Problem
Amon Ott
ao at rsbac.org
Mon Nov 22 10:37:31 CET 2004
On Montag, 22. November 2004 09:14, Patrique Wolfrum wrote:
> I tried (again) to upgrade my working RSBAC 1.2.2 installation to
RSBAC
> 1.2.3 after compiling the newest RSBAC prepatched kernel. In the
last
This is linux-2.4.27-rsbac-v1.2.3-bf7.tar.bz2, right?
> attempts, RSBAC 1.2.3 booted, but then the RSBAC RC rules weren't
> accessible. This time, the boot went well, until the login prompt
should
> have been showing up. The login prompt didn't show up, and the
systen
> hang. Booting again with 1.2.2 everything worked fine again.
>
> In the log-file, the following messages were found:
>
> kernel: check_comp_rc: rsbac_get_attr() for rc_type_fd returned
error!
> kernel: rsbac_get_super_block(): device 00:00 not yet available,
sleeping
> kernel: rsbac_adf_request(): request GET_STATUS_DATA, pid 1564, ppid
1, prog_name mingetty, uid 0, target_type FILE, tid Device 00:00
Inode 1033 Path socket:/[1033], attr none, value 0, result
NOT_GRANTED (Softmode) by RC
This is weird - bugfix 1.2.3-6 contains the following patch to
adf_main.c:
--- linux-2.4.27-rsbac-v1.2.3/rsbac/adf/adf_main.c (revision 16)
+++ linux-2.4.27-rsbac-v1.2.3/rsbac/adf/adf_main.c (working copy)
@@ -333,6 +333,14 @@
&& (sb_p->s_magic == PIPEFS_MAGIC)
)
return DO_NOT_CARE;
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
+ /* No decision on pseudo sockfs */
+ if( (target == T_FILE)
+ && (!RSBAC_MAJOR(tid.file.device))
+ && (!RSBAC_MINOR(tid.file.device))
+ )
+ return DO_NOT_CARE;
+#endif
switch(request)
{
case R_GET_STATUS_DATA:
It should have caught this exact call and stopped the problem.
v1.2.4-pre contains a more complete fix, which unfortunately needs a
new request/target combination, GET_STATUS_DATA on NETOBJ. Could you
try v1.2.4-pre3 on this system? You can disable RSBAC writing to disk
to make sure nothing of your setup gets overwritten.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
-------------- nächster Teil --------------
Ein Dateianhang mit Bin?rdaten wurde geschreddert...
Dateiname : nicht verf?gbar
Dateityp : application/pgp-signature
Dateigr??e : 189 bytes
Beschreibung: signature
URL : http://www.rsbac.org/pipermail/rsbac/attachments/20041122/9020d526/attachment.bin
More information about the rsbac
mailing list