[rsbac] Re: How to upgrade

[Guillaume Destuynder]

Thomas Mueller wrote:

>>>the new one.
>>>      
>>>
>>AFAIK you have to use admin-tools with the same release number
>>as the patch to te kernel.
>>    
>>
>
>The 'Installation and Administration Instructions' say that I don't need
>any admin-tools to boot? Is this only true for the first boot?
>
>  
>
You need to have the same release of the tools/precompiled kernel patch 
to compile the tools. But, you don't need the tools to actually boot. 
(This said, you won't be able to do anything RSBAC related without the 
tools then :)

AFAIK past 1.0.9b you don't really have to care that much if you have 
1.2.3 tools installed with kernel 1.2.4 or even 1.2.3 kernel with 1.2.4 
tools before reboot, *BUT* you won't be able to use the tools or compile 
them if versions do not match.
What I did for upgrade 1.2.3=>1.2.4 was:
- updating kernel to 1.2.4, installing it and preparing lilo/grub for 
reboot on 1.2.4. My 1.2.4 kernel resides in /usr/src/linux.
- updating tools to 1.2.4 (it needs the kernel to be installed and 
pre-compiled in /usr/src/linux)
- rebooting
- everything is up with 1.2.4

>Administration Tools -> Installation:
>The administration tools in the rsbac-admin-*.tar.gz file can be
>extracted into any directory, e.g. /root/rsbac, by typing tar xvzf
>rsbac-admin-*.tar.gz.
>----
>
>So if rsbac-admin can be located anywhere it can't be found and can't be
>necessary?
>  
>

Yes and no. AFAIK, RSBAC will come up in most cases without the tools 
installed if your system is either setup or you use the right kernel 
flags (althought booting RSBAC without the tools would be kind of silly)
But, your system will not find the tools in /root/rsbac or some path 
like that of course. What was meant in that document, is that you can 
extract the admin tools archive anywhere and either compiled/installe 
them from there or if that are binaries execute them from there 
(./toolname) but the later is IMHO not recommanded.
Please anyone correct me if i'm wrong here.


kang