[rsbac] Kernel 2.4.27 + RSBAC 1.2.3 Problem
Patrique Wolfrum
Patrique.Wolfrum at vwl.uni-freiburg.de
Tue Nov 23 13:40:44 CET 2004
Hello,
thank you for the quick reply.
>This is linux-2.4.27-rsbac-v1.2.3-bf7.tar.bz2, right?
>
>
Correct.
>new request/target combination, GET_STATUS_DATA on NETOBJ. Could you
>try v1.2.4-pre3 on this system? You can disable RSBAC writing to disk
>to make sure nothing of your setup gets overwritten.
>
>
I tried that.
I compiled linux-2.4.27-rsbac-v1.2.4-pre3 and the according
rsbac-admintools (I installed them this time in /opt/rsbac-1.2.4 in
order to not disrupt my working rsbac-1.2.2-admintool installation
(installed in /usr/local/)). For booting I used the kernel parameters
'rsbac_debug_no_write' and 'rsbac_softmode' (it would boot correctly
without softmode). After some error messages it booted, and I was able
to login. After starting rsbac_menu I saw, that it was unable to read
any RC role and RC FD we have installed on the system (both lists were
empty and I was asked about an initial role).
In the first boot (without softmode) the following error messages were
written:
Nov 23 13:09:34 pille kernel: klogd 1.4.1, log source = /proc/kmsg started.
Nov 23 13:09:34 pille kernel: Cannot find map file.
Nov 23 13:09:34 pille kernel: No module symbols loaded - kernel modules
not enabled.
Nov 23 13:09:34 pille kernel: Cannot build symbol table - disabling
symbol lookups
Nov 23 13:09:34 pille kernel: ]: rsbac_adf_set_attr() returned error!
Nov 23 13:09:34 pille kernel: rsbac_adf_request_rc(): invalid type
use_new_role_def_create in def_process_create_type of role 2!
Nov 23 13:09:34 pille kernel: rsbac_adf_request(): request CLONE, pid
454, ppid 443, prog_name usb.agent, uid 0, audit_uid 0, target_type
PROCESS, tid 454, attr none, value 0, result NOT_GRANTED (Softmode) by RC
Nov 23 13:09:34 pille kernel: rsbac_adf_set_attr_rc(): invalid type
use_new_role_def_create in def_process_create_type of role 2!
Nov 23 13:09:34 pille kernel: rsbac_adf_set_attr(): request CLONE, pid
454, target_type PROCESS, tid 454, new_target_type PROCESS, new_tid 456,
attr none, value 0, error -1018
Nov 23 13:09:34 pille kernel: do_fork() [sys_fork(), sys_clone()]:
rsbac_adf_set_attr() returned error!
Nov 23 13:09:34 pille kernel: rsbac_adf_request_rc(): invalid type
use_new_role_def_create in def_process_create_type of role 2!
Nov 23 13:09:34 pille kernel: rsbac_adf_request(): request CLONE, pid
443, ppid 426, prog_name usb.agent, uid 0, audit_uid 0, target_type
PROCESS, tid 443, attr none, value 0, result NOT_GRANTED (Softmode) by RC
The error messages of the second try:
Nov 23 13:12:39 pille kernel: rsbac_adf_request_rc(): invalid type
use_new_role_def_create in def_process_create_type of role 2!
Nov 23 13:12:39 pille kernel: rsbac_adf_request(): request CLONE, pid
1613, ppid 1602, prog_name bash, uid 0, audit_uid 0, target_type
PROCESS, tid 1613, attr none, value 0, result NOT_GRANTED (Softmode) by RC
Nov 23 13:12:39 pille kernel: rsbac_adf_set_attr_rc(): invalid type
use_new_role_def_create in def_process_create_type of role 2!
Nov 23 13:12:39 pille kernel: rsbac_adf_set_attr(): request CLONE, pid
1613, target_type PROCESS, tid 1613, new_target_type PROCESS, new_tid
1939, attr none, value 0, error -1018
Nov 23 13:12:39 pille kernel: do_fork() [sys_fork(), sys_clone()]:
rsbac_adf_set_attr() returned error!
Nov 23 13:12:39 pille kernel: rsbac_adf_request(): request
MODIFY_SYSTEM_DATA, pid 1613, ppid 1602, prog_name bash, uid 0,
audit_uid 0, target_type PROCESS, tid 1939, attr kernel_thread, value 0,
result NOT_GRANTED (Softmode) by ACL
Nov 23 13:12:39 pille kernel: rsbac_adf_request(): request
MODIFY_SYSTEM_DATA, pid 1939, ppid 1613, prog_name bash, uid 0,
audit_uid 0, target_type PROCESS, tid 1939, attr kernel_thread, value 0,
result NOT_GRANTED (Softmode) by ACL
After rebooting with RSBAC 1.2.2 everything works fine again.
Is there an explanation, why RSBAC 1.2.4 (RSBAC 1.2.3 showed the same
behaviour) isn't able to read the previous configuration ?
Thank you in advance.
Kind Regards.
Patrique Wolfrum
--
Patrique Wolfrum
Administrator - Fakultätsserver
Albert-Ludwigs-Universität Freiburg im Breisgau
Institut für allgemeine Wirtschaftsforschung
Abteilung für Wirtschaftsinformatik
Kollegiengebäude II
Platz der Alten Synagoge
79085 Freiburg
Tel.: 0761 - 203-2397
More information about the rsbac
mailing list