[rsbac] Kernel 2.4.27 + RSBAC 1.2.3 Problem

Amon Ott ao at rsbac.org
Mon Nov 22 10:37:31 CET 2004


On Monday, 22 November 2004 09:14, Patrique Wolfrum wrote:
> I tried (again) to upgrade my working RSBAC 1.2.2 installation to RSBAC
> 1.2.3 after compiling the newest RSBAC prepatched kernel. In the last

This is linux-2.4.27-rsbac-v1.2.3-bf7.tar.bz2, right?

> attempts, RSBAC 1.2.3 booted, but then the RSBAC RC rules weren't
> accessible. This time, the boot went well, until the login prompt should
> have been showing up. The login prompt didn't show up, and the system
> hung. Booting again with 1.2.2 everything worked fine again.
>
> In the log-file, the following messages were found:
>
> kernel: check_comp_rc: rsbac_get_attr() for rc_type_fd returned error!
> kernel: rsbac_get_super_block(): device 00:00 not yet available, sleeping
> kernel: rsbac_adf_request(): request GET_STATUS_DATA, pid 1564, ppid 1, prog_name mingetty, uid 0, target_type FILE, tid Device 00:00 Inode 1033 Path socket:/[1033], attr none, value 0, result NOT_GRANTED (Softmode) by RC

This is weird - bugfix 1.2.3-6 contains the following patch to 
adf_main.c:

--- linux-2.4.27-rsbac-v1.2.3/rsbac/adf/adf_main.c (revision 16)
+++ linux-2.4.27-rsbac-v1.2.3/rsbac/adf/adf_main.c (working copy)
@@ -333,6 +333,14 @@
              && (sb_p->s_magic == PIPEFS_MAGIC)
             )
             return DO_NOT_CARE;
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
+          /* No decision on pseudo sockfs */
+          if(   (target == T_FILE)
+             && (!RSBAC_MAJOR(tid.file.device))
+             && (!RSBAC_MINOR(tid.file.device))
+            )
+            return DO_NOT_CARE;
+#endif
           switch(request)
             {
               case R_GET_STATUS_DATA:
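
Review bot: The added check inside the `#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)` block identifies "pseudo sockfs" only by `!RSBAC_MAJOR(tid.file.device) && !RSBAC_MINOR(tid.file.device)`, so every T_FILE target on device 00:00 gets DO_NOT_CARE for every request type, because the return sits ahead of `switch(request)`. The pipefs case directly above it tests `sb_p->s_magic == PIPEFS_MAGIC`; if a comparable superblock magic test is possible for sockfs, use it here to keep the exemption narrow. Otherwise, extend the comment to say why device 00:00 is a sufficient identifier and why the exemption applies only to pre-2.6 kernels.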

It should have caught this exact call and stopped the problem.

v1.2.4-pre contains a more complete fix, which unfortunately needs a 
new request/target combination, GET_STATUS_DATA on NETOBJ. Could you 
try v1.2.4-pre3 on this system? You can disable RSBAC writing to disk 
to make sure nothing of your setup gets overwritten.

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22