[rsbac] Can't boot with hardened RSBAC/PaX-Kernel -- Configuration problem

Michael Decker MDecker at tesis.de
Fri Jul 7 09:51:26 CEST 2006


I'll try to exclude some possible problem causes...

My USE-Settings:
	--- SNIP ---
USE="-gtk -kde -qt -X -gnome -motif hardened pic"
	--- SNAP ---

My Kernel-Settings:
	--- SNIP ---
Whole standard configuration from:

http://www.gentoo.org/proj/en/hardened/rsbac/quickstart.xml
http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml
http://gentoo-wiki.com/SECURITY_Encrypting_Root_Filesystem_with_DM-Crypt_with_LUKS

And these additional settings:

File systems --->
<*> Reiserfs support
[ ]   Enable reiserfs debug mode (NEW)
[ ]   Stats in /proc/fs/reiserfs (NEW)
[*]   ReiserFS extended attributes

Cryptographic options  --->
[*] Cryptographic API
[*]   HMAC support
<*>   SHA1 digest algorithm
<*>   SHA256 digest algorithm
<*>   SHA384 and SHA512 digest algorithms
<*>   Blowfish cipher algorithm
<*>   AES cipher algorithms (i586)

Rule Set Based Access Control (RSBAC)  --->
User Management  --->
(8)   Minimum password length

Rule Set Based Access Control (RSBAC)  --->
Decision module (policy) options  --->
[*] RSBAC support for AUTH policy (NEW)
AUTH Policy Options  --->
[*] AUTH module and attribute protection (NEW)
[*] Protect switching of other modules
[*] AUTH learning mode support

Rule Set Based Access Control (RSBAC)  --->
Decision module (policy) options  --->
[*] RSBAC support for RC policy (NEW)
RC Policy Options  --->
[*] RC protection for AUTH module (NEW)
[*] RC protection for User Management (NEW)
[*] RC protection for GENeral attributes (NEW)
[*] RC network device protection (NEW)
[*] RC network object protection (NEW)
[*]   RC check access to UNIX partner process (NEW)

Rule Set Based Access Control (RSBAC)  --->
Decision module (policy) options  --->
[ ] RSBAC support for ACL policy
[ ] RSBAC support for MAC policy (NEW)
[ ] RSBAC support for PAX policy (NEW)
[*] RSBAC support for DAZuko policy
DAZ Policy Options  --->
[*] Cache scanning results (NEW)
(604800) Scanning result lifetime in seconds

Rule Set Based Access Control (RSBAC)  --->
Decision module (policy) options  --->
[ ] RSBAC support for Linux Caps (CAP) policy
[ ] RSBAC support for JAIL policy
[ ] RSBAC support for System Resources (RES) policy
[ ] RSBAC support for FF policy
[ ] RSBAC support for PM policy (NEW)

Rule Set Based Access Control (RSBAC)  --->
Other RSBAC options  --->
[*] Support secure_delete
[*] Intercept sys_read and sys_write
[*] Intercept Semaphore IPC operations
[*] Control DAC process owner (seteuid, setfsuid)
[*] Hide processes in /proc
[*] Support freezing of RSBAC configuration
[*] RSBAC check sys_syslog
	--- SNAP ---

Could there be an error?

Thank you for your time...

Michael
-- 
Michael Decker                      Michael.Decker at tesis.de
TESIS SYSware GmbH                      http://www.tesis.de
Baierbrunnerstr. 15 * 81379 Muenchen * Tel. +49 89 747377-0


