[rsbac] kernel with cap module does not boot
Jens Kasten
igraltist at rsbac.org
Sat Jul 9 03:10:10 CEST 2011
Hi list,
I try the rsbac kernel from git 2.6.38.y with follow revision:
commit 572a5f205fa6b7edc3e42c692b4db334cff2a07d
My setup is on a kvm-qemu guest.
cryptsetup + luks + root-partition ext4
Problem:
When I configure the kernel to use the rsbac CAP module the kernel hangs
short time after rsbac is initialized with full cpu using.
See file rsbac_with_cap_only what I have enabled in rsbac.
The kernel without CAP does not show the last issue, when using
cryptsetup + luks + ext4.
Small typo in include/rsbac/um.h:
Last modified: 19/Apt/2011
Grüsse
Jens
-------------- next part --------------
CONFIG_RSBAC=y
# General RSBAC options
# CONFIG_RSBAC_INIT_THREAD is not set
CONFIG_RSBAC_PROC=y
CONFIG_RSBAC_INIT_CHECK=y
# CONFIG_RSBAC_NO_WRITE is not set
# CONFIG_RSBAC_MSDOS_WRITE is not set
CONFIG_RSBAC_AUTO_WRITE=5
CONFIG_RSBAC_RCU_RATE=1000
CONFIG_RSBAC_LIST_MAX_HASHES=128
CONFIG_RSBAC_LIST_CHECK_INTERVAL=1800
CONFIG_RSBAC_LIST_STATS=y
CONFIG_RSBAC_LIST_TRANS=y
CONFIG_RSBAC_LIST_TRANS_MAX_TTL=3600
CONFIG_RSBAC_LIST_TRANS_RANDOM_TA=y
# CONFIG_RSBAC_FD_CACHE is not set
CONFIG_RSBAC_DEBUG=y
# CONFIG_RSBAC_DEV_USER_BACKUP is not set
CONFIG_RSBAC_SECOFF_UID=400
CONFIG_RSBAC_INIT_DELAY=y
CONFIG_RSBAC_GEN_NR_P_LISTS=4
# CONFIG_RSBAC_UM is not set
# RSBAC networking options
# CONFIG_RSBAC_NET is not set
# CONFIG_RSBAC_MAINT is not set
# CONFIG_RSBAC_REG is not set
# CONFIG_RSBAC_AUTH is not set
# CONFIG_RSBAC_RC is not set
# CONFIG_RSBAC_ACL is not set
# CONFIG_RSBAC_MAC is not set
# CONFIG_RSBAC_DAZ is not set
CONFIG_RSBAC_CAP=y
CONFIG_RSBAC_CAP_PROC_HIDE=y
CONFIG_RSBAC_CAP_AUTH_PROT=y
CONFIG_RSBAC_CAP_LOG_MISSING=y
CONFIG_RSBAC_CAP_LEARN=y
CONFIG_RSBAC_CAP_LEARN_TA=0
# CONFIG_RSBAC_JAIL is not set
# CONFIG_RSBAC_RES is not set
# CONFIG_RSBAC_FF is not set
# CONFIG_RSBAC_PM is not set
CONFIG_RSBAC_SOFTMODE=y
# CONFIG_RSBAC_SOFTMODE_SYSRQ is not set
CONFIG_RSBAC_SOFTMODE_IND=y
CONFIG_RSBAC_SWITCH=y
CONFIG_RSBAC_SWITCH_ON=y
CONFIG_RSBAC_SWITCH_BOOT_OFF=y
CONFIG_RSBAC_SWITCH_CAP=y
CONFIG_RSBAC_IND_LOG=y
CONFIG_RSBAC_IND_USER_LOG=y
CONFIG_RSBAC_IND_PROG_LOG=y
CONFIG_RSBAC_LOG_PROGRAM_FILE=y
CONFIG_RSBAC_LOG_FULL_PATH=y
CONFIG_RSBAC_MAX_PATH_LEN=512
# CONFIG_RSBAC_LOG_PSEUDO is not set
CONFIG_RSBAC_SYSLOG_RATE=y
CONFIG_RSBAC_SYSLOG_RATE_DEF=1000
CONFIG_RSBAC_RMSG=y
CONFIG_RSBAC_RMSG_MAXENTRIES=200
CONFIG_RSBAC_RMSG_NOSYSLOG=y
# CONFIG_RSBAC_LOG_REMOTE is not set
# CONFIG_RSBAC_SYM_REDIR is not set
# CONFIG_RSBAC_ALLOW_DAC_DISABLE is not set
# Other RSBAC options
# CONFIG_RSBAC_SECDEL is not set
# CONFIG_RSBAC_RW is not set
# CONFIG_RSBAC_IPC_SEM is not set
# CONFIG_RSBAC_DAC_OWNER is not set
# CONFIG_RSBAC_DAC_GROUP is not set
# CONFIG_RSBAC_PROC_HIDE is not set
# CONFIG_RSBAC_FSOBJ_HIDE is not set
# CONFIG_RSBAC_FREEZE is not set
# CONFIG_RSBAC_SYSLOG is not set
# CONFIG_RSBAC_IOCTL is not set
# CONFIG_RSBAC_USER_CHOWN is not set
# CONFIG_RSBAC_DAT_VISIBLE is not set
# CONFIG_RSBAC_NO_DECISION_ON_NETMOUNT is not set
# CONFIG_RSBAC_ENFORCE_CLOSE is not set
# CONFIG_RSBAC_USER_MOD_IOPERM is not set
# CONFIG_RSBAC_FAKE_ROOT_UID is not set
# CONFIG_RSBAC_XSTATS is not set
More information about the rsbac
mailing list