[rsbac] / in ramdisk

Amon Ott ott at compuniverse.de
Fri Sep 3 22:38:34 CEST 2004


On Thursday, 9 September 2004 13:11 quoth Martin Heyer:
> On Thursday, 9 September 2004 03:44, Bencsath Boldizsar wrote:
> Thanks for the fast reply.
> I also thought about this possibility but, I don't have a good feeling with
> this.
> Generally rsbac prohibits i.e. uid-changes as long as I do not allow them
> explicitly. Imagine what happens if the evil root-user manages to kill my
> setup-script. => Normally rsbac were up allowing nothing. OK. But in the
> latter case rsbac runs softmode forever :((
> The harddisk is mounted on /hdd.
> My problem was that rsbac "forgets" its config (+AUTH_MAY_SUID) for a file
> (my 400wrapper) on the harddisk. Doesn't it save everything for /hdd/... in
> /hdd/rsbac.dat (the one that survives reboot) or does it also save those
> things in /rsbac.dat (the one that doesn't)?

Generally, the attribute must be saved on the harddisk partition, if it is 
mounted with write access. If this does not work, it is a bug.

Did you try initializing RSBAC with the hard disk partition on hdd as root 
filesystem, using delayed init with kernel param
rsbac_delayed_root=22:65
(65 for hdd1)?

In that case, all settings including roles etc. should be saved to your hard 
disk.

Amon.

