Válasz: Re: [rsbac] Boot Role question
gabor.horvath at konicaminolta.hu
gabor.horvath at konicaminolta.hu
Fri Apr 7 10:09:37 CEST 2006
Thank you, that's very good. Though I thought forcing a role to e.g. rcS
is inefficient 'cause only binaries can change their role not scripts. Or
did I miss something?
Gábor Horváth
mailto:gabor.horvath at konicaminolta.hu
Amon Ott <ao at rsbac.org>
Feladó: rsbac-bounces at rsbac.org
2006.04.07 09:53
Kérem, válaszoljon ennek a személynek: RSBAC Discussion and Announcements
Címzett: RSBAC Discussion and Announcements
<rsbac at rsbac.org>
Másolat:
Tárgy: Re: [rsbac] Boot Role question
On Freitag 07 April 2006 08:38, gabor.horvath at konicaminolta.hu wrote:
> I'd appreciate if someone could answer my questions. Former I used
wrapper
> roles to start the rsbac system. They worked OK. Now I want to test
the
> boot role to reduce the number of necessary 'wrapper' roles.
>
> 1. When does the run of the boot role end? I mean if it starts
anything
> which doesn't have a force role then it will run with Boot Role,
won't it?
Exactly. I recommend a global "System Setup" role as force role on rcS
etc., so that only kernel threads and init run with boot role.
> 2. How can I be sure that all process with boot role ended?
I have a little script for secoff to show all roles:
ps ax|cut -c 1-6,28-|while read pid name
do
echo -n $pid $name": "
attr_get_process RC $pid rc_role
done
Once in a while I use it to check that all roles are as expected. BTW,
I have a similar one for jails:
ps ax|cut -c 1-6,28-|while read pid name
do
echo -n $pid $name": "
attr_get_process JAIL $pid jail_id
done
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
_______________________________________________
rsbac mailing list
rsbac at rsbac.org
http://www.rsbac.org/mailman/listinfo/rsbac
More information about the rsbac
mailing list