[rsbac] RSBAC and Linux distribution upgrades

Patrique Wolfrum Patrique.Wolfrum at vwl.uni-freiburg.de
Tue May 31 09:42:17 CEST 2005


Hello,

>This only happens if rc_get_item was unable to read the list of 
>roles. Does /proc/rsbac-info/stats_rc show correct numbers of roles 
>and types?
>  
>
In /proc/rsbac-info/stats_rc:

Role entry size is 52, 38 entries used
Used type entries: fd: 63, dev: 4, ipc: 3, user: 3, process: 16, group: 1, netdev: 3, betemp: 3, netobj: 3

Looks good so far.

>This looks like there was a problem with system call numbers. Are you 
>sure you compiled the tools against the correct kernel sources, after 
>at least starting a kernel compile? Is it possible that you have an 
>old and incompatible version of the tools or the librsbac lying 
>around somewhere?
>  
>
After upgrading the distribution, I first compiled the new kernel
(prepatched kernel 2.6.11-rsbac-v1.2.4-20050412), then the rsbac-admintools.

To be on the safe side, I have now removed every backup of the admin-tools or
the libraries and also all older kernel sources on the system
(/usr/src/linux points to the new 2.6.11 kernel). Recompiling the
admin-tools didn't bring any improvement, though.

Now, the RSBAC error message that is shown, for example, when trying to
access "Type comp FD" in the RC submenu of rsbac_admin is:
RSBAC_EINVALIDTARGET (or, in other rsbac_admin options, RSBAC_EINVALIDVALUE)

>>After several kernel-recompilations and reinstallations of the
>>admin-tools I am now quite at a loss.
>>    
>>
>
>First we need to know whether the kernel has correct data (from /proc 
>interface). Just to make sure: This is i386 arch? I cannot remember 
>ATM.
>  
>
The architecture used is i386 (the system is an Intel Celeron 2.8 on an
ASUS P4C800 mainboard).

Perhaps this excerpt of /var/log/boot.msg can be of help:
------------------------------------------------------------------------------------------------------------------------------------------------------------------
<4>rsbac_mount(): RSBAC not initialized while mounting DEV 00:12, delaying
<4>rsbac_mount(): RSBAC not initialized while mounting DEV 00:00, delaying
<4>rsbac_mount(): sysfs mount detected, keeping values for later use
<4>rsbac_umount(): RSBAC not initialized
<4>rsbac_umount(): sysfs umount detected, removing auto-mount values
<6>EXT3-fs: mounted filesystem with ordered data mode.
<6>rsbac_mount(): forcing delayed RSBAC init on DEV 03:05!
<6>rsbac_init(): Setting init timeout to 60 seconds (60000 jiffies).
<6>rsbac_init(): Started rsbac_initd thread with pid 541
<6>kjournald starting.  Commit interval 5 seconds
<6>rsbac_initd(): Initializing.
<6>rsbac_do_init(): Initializing RSBAC v1.2.4 (Maintenance Mode)
<6>rsbac_do_init(): Supported module data structures: REG FF RC AUTH ACL CAP JAIL RES
<6>rsbac_do_init(): Initializing memory slabs
<6>rsbac_do_init(): Registering RSBAC proc dir
<6>rsbac_do_init(): Initializing generic lists
<6>rsbac_list_init(): Registering transaction list.
<6>rsbac_init_debug(): Initializing
<6>rsbac_do_init(): reading FD attributes from root dev
<6>rsbac_init_rc(): Initializing RSBAC: RC subsystem
<4>read_lol_list(): converting list version 1 of file rc_tcus on device 03:05 to version 2!
<6>rsbac_init_auth(): Initializing RSBAC: AUTH subsystem
<6>rsbac_init_acl(): Initializing RSBAC: ACL subsystem
<4>read_list(): converting list version 1 of file acluser.df on device 03:05 to version 2!
<4>rsbac_init_acl(): Group list empty on dev 03:05!
<4>rsbac_init_acl(): Group membership list empty on dev 03:05!
<6>rsbac_reg_init(): Initializing RSBAC: REG module and syscall registration
<6>rsbac_do_init(): Forcing consistency check.
<6>rsbac_check(): Device 03:05 has 22 file/dir items (0 removed due to bad inodes)
<6>rsbac_check(): Sum of 1 Devices with 22 fd-items
<6>rsbac_check_auth(): Device 03:05 has 0 file/dir AUTHs (0 removed (0 bad inodes, 0 dtimed inodes, 0 had no members and default mask), 0 unlinked inodes)
<6>rsbac_check_auth(): Sum of 1 Devices with 0 file/dir AUTHs
<6>rsbac_check_auth(): Total of 0 registered auth items
<6>rsbac_check_acl(): 0 group membership items
<6>rsbac_check_acl(): 0 group items
<6>rsbac_check_acl(): Device 03:05 has 0 file/dir ACLs (0 removed (0 bad inodes, 0 dtimed inodes, 0 had no members and default mask), 0 unlinked inodes)
<6>rsbac_check_acl(): Sum of 1 Devices with 0 file/dir ACLs
<6>rsbac_check_acl(): 0 device items
<6>rsbac_check_acl(): 16 SCD items
<6>rsbac_check_acl(): 0 user items
<6>rsbac_check_acl(): 0 network device items
<6>rsbac_check_acl(): 0 network template NT items
<6>rsbac_check_acl(): 0 network template items
<6>rsbac_check_acl(): 0 network object items
<6>rsbac_check_acl(): Total of 16 registered ACLs
<6>rsbac_do_init(): Ready.
<6>rsbac_initd(): Exiting.
<6>rsbac_init(): Started rsbacd thread with pid 542
<6>rsbac_init(): Adjusting attributes of existing processes
<6>rsbac_init(): Ready.
<6>rsbac_get_attr(): auto-mounting device 00:01
<4>VFS: Mounted root (ext3 filesystem) readonly.
<6>rsbac_get_attr(): auto-mounting device 00:12
<6>rsbacd(): Initializing.
<6>Freeing unused kernel memory: 212k freed
<6>rsbac_get_attr(): auto-mounting device 00:00
<6>rsbac_get_super_block(): auto-mounting device 00:05
<6>rsbac_mount: repeated mount 1 of device 00:00
<4>rsbac_mount: replacing NULL d_covers with new value c164a8d4 as inheritance parent
<4>rsbac_mount_auth: repeated mount 1 of device 00:00
<6>rsbac_mount_acl: repeated mount 1 of device 00:00
------------------------------------------------------------------------------------------------------------------------------------------------------------------

Thank you very much in advance.

Kind regards.
    Patrique Wolfrum

-- 
Patrique Wolfrum
Administrator - Fakultätsserver

Albert-Ludwigs-Universität Freiburg im Breisgau
Institut für allgemeine Wirtschaftsforschung
Abteilung für Wirtschaftsinformatik
Kollegiengebäude II
Platz der Alten Synagoge
79085 Freiburg

Tel.: 0761 - 203-2397 


