[rsbac] Kernel 2.4.27 + RSBAC 1.2.3 Problem
Amon Ott
ao at rsbac.org
Tue Nov 23 14:28:08 CET 2004
On Tuesday, 23 November 2004 13:40, Patrique Wolfrum wrote:
> thank you for the quick reply.
>
> >This is linux-2.4.27-rsbac-v1.2.3-bf7.tar.bz2, right?
> >
> >
> Correct.
So the bugfix against dev 00:00 has been applied. Hmm.
> >new request/target combination, GET_STATUS_DATA on NETOBJ. Could you
> >try v1.2.4-pre3 on this system? You can disable RSBAC writing to disk
> >to make sure nothing of your setup gets overwritten.
>
> I compiled linux-2.4.27-rsbac-v1.2.4-pre3 and the according
> rsbac-admintools (I installed them this time in /opt/rsbac-1.2.4 in
> order to not disrupt my working rsbac-1.2.2-admintool installation
> (installed in /usr/local/)). For booting I used the kernel parameters
> 'rsbac_debug_no_write' and 'rsbac_softmode' (it would boot correctly
> without softmode). After some error messages it booted, and I was able
> to log in. After starting rsbac_menu I saw that it was unable to read
> any RC role and RC FD we have installed on the system (both lists were
> empty and I was asked about an initial role).
As your tools in the correct version are not in the path coded into
rsbac_menu etc., you need to
export RSBACPATH=/opt/rsbac-1.2.4
before starting a menu. The path given here will be prepended to the
command line tool calls.
Without this setting, the v1.2.2 tools will be used - and those will
not produce usable output.
> In the first boot (without softmode) the following error messages were
> written:
>
> Nov 23 13:09:34 pille kernel: ]: rsbac_adf_set_attr() returned error!
> Nov 23 13:09:34 pille kernel: rsbac_adf_request_rc(): invalid type
> use_new_role_def_create in def_process_create_type of role 2!
> Nov 23 13:09:34 pille kernel: rsbac_adf_request(): request CLONE, pid
> 454, ppid 443, prog_name usb.agent, uid 0, audit_uid 0, target_type
> PROCESS, tid 454, attr none, value 0, result NOT_GRANTED (Softmode) by RC
This is OK, the def_process_create_value defaulted to a meaningless
value before v1.2.3. Just change it to inherit_process, which is
internally used in this error case.
> Nov 23 13:12:39 pille kernel: rsbac_adf_request(): request
> MODIFY_SYSTEM_DATA, pid 1613, ppid 1602, prog_name bash, uid 0,
> audit_uid 0, target_type PROCESS, tid 1939, attr kernel_thread, value 0,
> result NOT_GRANTED (Softmode) by ACL
> Nov 23 13:12:39 pille kernel: rsbac_adf_request(): request
> MODIFY_SYSTEM_DATA, pid 1939, ppid 1613, prog_name bash, uid 0,
> audit_uid 0, target_type PROCESS, tid 1939, attr kernel_thread, value 0,
> result NOT_GRANTED (Softmode) by ACL
This is a new request (see
http://www.rsbac.org/documentation/upgrading.php#v1.2.3).
> After rebooting with RSBAC 1.2.2 everything works fine again.
Good.
> Is there an explanation, why RSBAC 1.2.4 (RSBAC 1.2.3 showed the same
> behaviour) isn't able to read the previous configuration ?
I am quite sure it did read the configuration. Please also
check /proc/rsbac-info/stats and .../stats_rc.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22