[rsbac] Boot Role question
Amon Ott
ao at rsbac.org
Fri Apr 7 09:53:17 CEST 2006
On Freitag 07 April 2006 08:38, gabor.horvath at konicaminolta.hu wrote:
> I'd appreciate if someone could answer my questions. Former I used
wrapper
> roles to start the rsbac system. They worked OK. Now I want to test
the
> boot role to reduce the number of necessary 'wrapper' roles.
>
> 1. When does the run of the boot role end? I mean if it starts
anything
> which doesn't have a force role then it will run with Boot Role,
won't it?
Exactly. I recommend a global "System Setup" role as force role on rcS
etc., so that only kernel threads and init run with boot role.
> 2. How can I be sure that all process with boot role ended?
I have a little script for secoff to show all roles:
ps ax|cut -c 1-6,28-|while read pid name
do
echo -n $pid $name": "
attr_get_process RC $pid rc_role
done
Once in a while I use it to check that all roles are as expected. BTW,
I have a similar one for jails:
ps ax|cut -c 1-6,28-|while read pid name
do
echo -n $pid $name": "
attr_get_process JAIL $pid jail_id
done
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac
mailing list