[rsbac] Kernel 2.4.27 + RSBAC 1.2.3 Problem

Patrique Wolfrum Patrique.Wolfrum at vwl.uni-freiburg.de
Tue Nov 23 13:40:44 CET 2004 

Hello,

thank you for the quick reply.

>This is linux-2.4.27-rsbac-v1.2.3-bf7.tar.bz2, right?
>  
>
Correct.

>new request/target combination, GET_STATUS_DATA on NETOBJ. Could you 
>try v1.2.4-pre3 on this system? You can disable RSBAC writing to disk 
>to make sure nothing of your setup gets overwritten.
>  
>
I tried that.

I compiled linux-2.4.27-rsbac-v1.2.4-pre3 and the according 
rsbac-admintools (I installed them this time in /opt/rsbac-1.2.4 in 
order to not disrupt my working rsbac-1.2.2-admintool installation 
(installed in /usr/local/)). For booting I used the kernel parameters 
'rsbac_debug_no_write' and 'rsbac_softmode' (it would boot correctly 
without softmode). After some error messages it booted, and I was able 
to login. After starting rsbac_menu I saw, that it was unable to read 
any RC role and RC FD we have installed on the system (both lists were 
empty and I was asked about an initial role).

In the first boot (without softmode) the following error messages were 
written:

Nov 23 13:09:34 pille kernel: klogd 1.4.1, log source = /proc/kmsg started.
Nov 23 13:09:34 pille kernel: Cannot find map file.
Nov 23 13:09:34 pille kernel: No module symbols loaded - kernel modules 
not enabled.
Nov 23 13:09:34 pille kernel: Cannot build symbol table - disabling 
symbol lookups
Nov 23 13:09:34 pille kernel: ]: rsbac_adf_set_attr() returned error!
Nov 23 13:09:34 pille kernel: rsbac_adf_request_rc(): invalid type 
use_new_role_def_create in def_process_create_type of role 2!
Nov 23 13:09:34 pille kernel: rsbac_adf_request(): request CLONE, pid 
454, ppid 443, prog_name usb.agent, uid 0, audit_uid 0, target_type 
PROCESS, tid 454, attr none, value 0, result NOT_GRANTED (Softmode) by RC
Nov 23 13:09:34 pille kernel: rsbac_adf_set_attr_rc(): invalid type 
use_new_role_def_create in def_process_create_type of role 2!
Nov 23 13:09:34 pille kernel: rsbac_adf_set_attr(): request CLONE, pid 
454, target_type PROCESS, tid 454, new_target_type PROCESS, new_tid 456, 
attr none, value 0, error -1018
Nov 23 13:09:34 pille kernel: do_fork() [sys_fork(), sys_clone()]: 
rsbac_adf_set_attr() returned error!
Nov 23 13:09:34 pille kernel: rsbac_adf_request_rc(): invalid type 
use_new_role_def_create in def_process_create_type of role 2!
Nov 23 13:09:34 pille kernel: rsbac_adf_request(): request CLONE, pid 
443, ppid 426, prog_name usb.agent, uid 0, audit_uid 0, target_type 
PROCESS, tid 443, attr none, value 0, result NOT_GRANTED (Softmode) by RC

The error messages of the second try:

Nov 23 13:12:39 pille kernel: rsbac_adf_request_rc(): invalid type 
use_new_role_def_create in def_process_create_type of role 2!
Nov 23 13:12:39 pille kernel: rsbac_adf_request(): request CLONE, pid 
1613, ppid 1602, prog_name bash, uid 0, audit_uid 0, target_type 
PROCESS, tid 1613, attr none, value 0, result NOT_GRANTED (Softmode) by RC
Nov 23 13:12:39 pille kernel: rsbac_adf_set_attr_rc(): invalid type 
use_new_role_def_create in def_process_create_type of role 2!
Nov 23 13:12:39 pille kernel: rsbac_adf_set_attr(): request CLONE, pid 
1613, target_type PROCESS, tid 1613, new_target_type PROCESS, new_tid 
1939, attr none, value 0, error -1018
Nov 23 13:12:39 pille kernel: do_fork() [sys_fork(), sys_clone()]: 
rsbac_adf_set_attr() returned error!
Nov 23 13:12:39 pille kernel: rsbac_adf_request(): request 
MODIFY_SYSTEM_DATA, pid 1613, ppid 1602, prog_name bash, uid 0, 
audit_uid 0, target_type PROCESS, tid 1939, attr kernel_thread, value 0, 
result NOT_GRANTED (Softmode) by ACL
Nov 23 13:12:39 pille kernel: rsbac_adf_request(): request 
MODIFY_SYSTEM_DATA, pid 1939, ppid 1613, prog_name bash, uid 0, 
audit_uid 0, target_type PROCESS, tid 1939, attr kernel_thread, value 0, 
result NOT_GRANTED (Softmode) by ACL

After rebooting with RSBAC 1.2.2 everything works fine again.

Is there an explanation, why RSBAC 1.2.4 (RSBAC 1.2.3 showed the same 
behaviour) isn't able to read the previous configuration ?

Thank you in advance.

Kind Regards.
    Patrique Wolfrum

-- 
Patrique Wolfrum
Administrator - Fakultätsserver

Albert-Ludwigs-Universität Freiburg im Breisgau
Institut für allgemeine Wirtschaftsforschung
Abteilung für Wirtschaftsinformatik
Kollegiengebäude II
Platz der Alten Synagoge
79085 Freiburg

Tel.: 0761 - 203-2397

More information about the rsbac mailing list