[rsbac] / in ramdisk

Amon Ott ott at compuniverse.de
Fri Sep 3 22:38:34 CEST 2004

On Donnerstag, 9. September 2004 13:11 quoth Martin Heyer:
> Am Donnerstag, 9. September 2004 03:44 schrieb Bencsath Boldizsar:
> Thanks for the fast reply.
> I also thought about this possibility but, I don't have a good feeling with
> this.
> Generally rsbac prohibits i.e. uid-changes as long as I do not allow them
> explicitly. Imagine what happens if the evil root-user manages to kill my
> setup-script. => Normally rsbac were up allowing nothing.OK But in the
> latter case rsbac runs softmode forever :((
> The harddisk is mounted on /hdd.
> My problem was that rsbac "forgets" its config (+AUTH_MAY_SUID) for a file
> (my 400wrapper) on the harddisk. Doesn't it save everything for /hdd/... in
> /hdd/rsbac.dat (the one that survives reboot) or does it also save those
> things in /rsbac.dat (the one that doesn't)?

Generally, the attribute must be saved on the harddisk partition, if it is 
mounted with write access. If this does not work, it is a bug.

Did you try initializing RSBAC with the hard disk partition on hdd as root 
filesystem, using delayed init with kernel param
(65 for hdd1)?

In that case, all settings including roles etc. should be saved to your hard 


More information about the rsbac mailing list