Reply: Re: [rsbac] Boot Role question

gabor.horvath at konicaminolta.hu gabor.horvath at konicaminolta.hu
Fri Apr 7 10:09:37 CEST 2006

Thank you, that's very good. Though I thought forcing a role to e.g. rcS 
is inefficient 'cause only binaries can change their role not scripts. Or 
did I miss something?

Gábor Horváth 
mailto:gabor.horvath at konicaminolta.hu

Amon Ott <ao at rsbac.org>
Sender: rsbac-bounces at rsbac.org
2006.04.07 09:53
Please respond to: RSBAC Discussion and Announcements
       To:         RSBAC Discussion and Announcements <rsbac at rsbac.org>
             Subject:     Re: [rsbac] Boot Role question

On Freitag 07 April 2006 08:38, gabor.horvath at konicaminolta.hu wrote:
> I'd appreciate if someone could answer my questions. Formerly I used 
> roles to start the rsbac system. They worked OK. Now I want to test 
> boot role to reduce the number of necessary 'wrapper' roles.
> 1. When does the run of the boot role end? I mean if it starts 
> which doesn't have a force role then it will run with Boot Role, 
> won't it?

Exactly. I recommend a global "System Setup" role as force role on rcS 
etc., so that only kernel threads and init run with boot role.

> 2. How can I be sure that all processes with boot role ended?

I have a little script for secoff to show all roles:

# print "pid name: rc_role" for every process
ps ax|cut -c 1-6,28-|while read pid name
do
  echo -n $pid $name": "
  attr_get_process RC $pid rc_role
done

Once in a while I use it to check that all roles are as expected. BTW, 
I have a similar one for jails:

# print "pid name: jail_id" for every process
ps ax|cut -c 1-6,28-|while read pid name
do
  echo -n $pid $name": "
  attr_get_process JAIL $pid jail_id
done

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
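
A follow-up to the role listing above, as an added example that is not part of the original mail or of the RSBAC tools: it reports userspace processes other than init that still carry the boot role, the condition the "System Setup" force role is meant to prevent. The boot role number and the assumption that attr_get_process prints a bare numeric role must be checked against your installation; PROC_DIR and ROLE_CMD are hypothetical knobs for trying it offline.

```shell
#!/bin/sh
# Added example, not from the original mail.
# Assumptions: BOOT_ROLE is the number of your boot role (override it),
# attr_get_process prints the numeric role on stdout, and PROC_DIR/ROLE_CMD
# are hypothetical knobs that only exist so the check can be tried offline.
BOOT_ROLE="${BOOT_ROLE:-999999}"
PROC_DIR="${PROC_DIR:-/proc}"
ROLE_CMD="${ROLE_CMD:-attr_get_process}"

# RC role of one PID, using the same call as the script in the mail.
role_of() {
  "$ROLE_CMD" RC "$1" rc_role 2>/dev/null
}

# Command line of one PID, NUL separators turned into spaces.
# Kernel threads (and zombies) have an empty cmdline.
cmdline_of() {
  tr '\0' ' ' 2>/dev/null < "$PROC_DIR/$1/cmdline" | sed 's/ *$//'
}

# Print "pid cmdline" for each userspace process other than init that
# still has the boot role. Returns 1 if at least one was found.
audit_boot_role() {
  found=0
  for dir in "$PROC_DIR"/[0-9]*; do
    [ -d "$dir" ] || continue
    pid="${dir##*/}"
    [ "$pid" = 1 ] && continue              # init is expected to keep it
    cmd="$(cmdline_of "$pid")"
    [ -z "$cmd" ] && continue               # kernel thread
    role="$(role_of "$pid")" || continue    # process exited or not readable
    if [ "$role" = "$BOOT_ROLE" ]; then
      echo "$pid $cmd"
      found=1
    fi
  done
  [ "$found" -eq 0 ]
}

# Run the audit only when the first argument is --audit.
if [ "${1:-}" = "--audit" ]; then
  audit_boot_role
fi
```

Run it as secoff (or another user allowed to read process attributes); a non-zero exit status means at least one process would need a force role.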