Reply: Re: [rsbac] Boot Role question

gabor.horvath at konicaminolta.hu gabor.horvath at konicaminolta.hu
Fri Apr 7 10:09:37 CEST 2006


Thank you, that's very good. Though I thought forcing a role to e.g. rcS 
is inefficient 'cause only binaries can change their role, not scripts. Or 
did I miss something?

Gábor Horváth 
mailto:gabor.horvath at konicaminolta.hu





Amon Ott <ao at rsbac.org>
Sender: rsbac-bounces at rsbac.org
2006.04.07 09:53
Please respond to: RSBAC Discussion and Announcements

To: RSBAC Discussion and Announcements <rsbac at rsbac.org>
Cc:
Subject: Re: [rsbac] Boot Role question


On Friday 07 April 2006 08:38, gabor.horvath at konicaminolta.hu wrote:
> I'd appreciate it if someone could answer my questions. Formerly I used
> wrapper roles to start the rsbac system. They worked OK. Now I want to
> test the boot role to reduce the number of necessary 'wrapper' roles.
> 
> 1. When does the run of the boot role end? I mean if it starts anything
> which doesn't have a force role then it will run with Boot Role, won't it?

Exactly. I recommend a global "System Setup" role as force role on rcS 
etc., so that only kernel threads and init run with boot role.

> 2. How can I be sure that all processes with boot role have ended?

I have a little script for secoff to show all roles:

# Print "PID COMMAND: " followed by the RC role of every process
ps ax|cut -c 1-6,28-|while read -r pid name
do
  echo -n "$pid $name: "
  attr_get_process RC "$pid" rc_role
done

Once in a while I use it to check that all roles are as expected. BTW, 
I have a similar one for jails:

# Print "PID COMMAND: " followed by the JAIL id of every process
ps ax|cut -c 1-6,28-|while read -r pid name
do
  echo -n "$pid $name: "
  attr_get_process JAIL "$pid" jail_id
done


Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
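
An added example, not part of the original thread or of the RSBAC tools: a filter for the role listing above that reports processes still carrying the boot role other than init and kernel threads, which is the state the reply recommends. It assumes each listing line ends in a bare numeric role; `BOOT_ROLE`, `boot_role_leftovers` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Reads lines shaped like the listing script's output, "PID NAME: ROLE",
# and prints the processes that still carry the boot role although they
# are neither init (PID 1) nor a kernel thread (shown by ps as "[name]").
# ASSUMPTIONS: attr_get_process prints only the numeric role, and
# BOOT_ROLE is a placeholder for the boot role number on your system.

BOOT_ROLE=999   # placeholder value, replace with your boot role number

boot_role_leftovers() {
  # stdin: "PID NAME: ROLE" lines; stdout: offenders; status 1 if any found
  awk -v boot="$BOOT_ROLE" '
    {
      pid = $1; name = $2; role = $NF  # role is the last field on the line
      if (role !~ /^[0-9]+$/) next     # skip the ps header and error text
      if (role != boot) next           # some other role was assigned
      if (pid == 1) next               # init may keep the boot role
      if (name ~ /^\[/) next           # kernel threads may keep it too
      print; found = 1
    }
    END { exit found + 0 }'
}

# Constructed sample listing (not real output)
SAMPLE='PID COMMAND: error
1 init [2]: 999
2 [kthreadd]: 999
412 /sbin/syslogd: 5
530 /bin/sh /etc/init.d/rcS: 999
611 /usr/sbin/sshd: 7'

# Live use as secoff: pipe the listing loop from the mail into the function,
#   ps ax | cut -c 1-6,28- | while read -r pid name; do ...; done \
#     | boot_role_leftovers
```

A non-zero exit status means at least one userspace process was started without a force role and inherited the boot role.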