[rsbac] Can't boot with hardened RSBAC/PaX-Kernel -- Configuration problem
Michael Decker
MDecker at tesis.de
Fri Jul 7 09:51:26 CEST 2006
I'll try to exclude some possible problem causes...
My USE-Settings:
--- SNIP ---
USE="-gtk -kde -qt -X -gnome -motif hardened pic"
--- SNAP ---
My Kernel-Settings:
--- SNIP ---
Whole standard configuration from:
http://www.gentoo.org/proj/en/hardened/rsbac/quickstart.xml
http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml
http://gentoo-wiki.com/SECURITY_Encrypting_Root_Filesystem_with_DM-Crypt_with_LUKS
And these additional settings:
File systems --->
  <*> Reiserfs support
  [ ] Enable reiserfs debug mode (NEW)
  [ ] Stats in /proc/fs/reiserfs (NEW)
  [*] ReiserFS extended attributes
Cryptographic options --->
  [*] Cryptographic API
  [*] HMAC support
  <*> SHA1 digest algorithm
  <*> SHA256 digest algorithm
  <*> SHA384 and SHA512 digest algorithms
  <*> Blowfish cipher algorithm
  <*> AES cipher algorithms (i586)
Rule Set Based Access Control (RSBAC) --->
  User Management --->
    (8) Minimum password length
Rule Set Based Access Control (RSBAC) --->
  Decision module (policy) options --->
    [*] RSBAC support for AUTH policy (NEW)
    AUTH Policy Options --->
      [*] AUTH module and attribute protection (NEW)
      [*] Protect switching of other modules
      [*] AUTH learning mode support
Rule Set Based Access Control (RSBAC) --->
  Decision module (policy) options --->
    [*] RSBAC support for RC policy (NEW)
    RC Policy Options --->
      [*] RC protection for AUTH module (NEW)
      [*] RC protection for User Management (NEW)
      [*] RC protection for GENeral attributes (NEW)
      [*] RC network device protection (NEW)
      [*] RC network object protection (NEW)
      [*] RC check access to UNIX partner process (NEW)
Rule Set Based Access Control (RSBAC) --->
  Decision module (policy) options --->
    [ ] RSBAC support for ACL policy
    [ ] RSBAC support for MAC policy (NEW)
    [ ] RSBAC support for PAX policy (NEW)
    [*] RSBAC support for DAZuko policy
    DAZ Policy Options --->
      [*] Cache scanning results (NEW)
      (604800) Scanning result lifetime in seconds
Rule Set Based Access Control (RSBAC) --->
  Decision module (policy) options --->
    [ ] RSBAC support for Linux Caps (CAP) policy
    [ ] RSBAC support for JAIL policy
    [ ] RSBAC support for System Resources (RES) policy
    [ ] RSBAC support for FF policy
    [ ] RSBAC support for PM policy (NEW)
Rule Set Based Access Control (RSBAC) --->
  Other RSBAC options --->
    [*] Support secure_delete
    [*] Intercept sys_read and sys_write
    [*] Intercept Semaphore IPC operations
    [*] Control DAC process owner (seteuid, setfsuid)
    [*] Hide processes in /proc
    [*] Support freezing of RSBAC configuration
    [*] RSBAC check sys_syslog
--- SNAP ---
Could there be an error?
Thank you for your time...
Michael
--
Michael Decker Michael.Decker at tesis.de
TESIS SYSware GmbH http://www.tesis.de
Baierbrunnerstr. 15 * 81379 Muenchen * Tel. +49 89 747377-0