[rsbac] rsbac_init goes RSBAC_EINVALIDREQUEST with devicemapper

Palon Setin palons at danwin1210.me
Thu Dec 6 11:58:00 CET 2018 


Jens Kasten:
> Maybe I was wrong. If you like you can join irc on freenode.org channel
> rsbac.
You were. See below (and my other --forwarded (I mis-sent it
yesterday)-- mail that came to the list some 30 minutes ago).

( Thanks for the reply! )

> But you need a bit patience for reply but when someone is in the channel
> its going fast.

Patience is fine. And ML may be more useful to other users... Unless you
keep record of IRC conversations for later perusal in public.

However, I will try IRC in case I get stuck, and do not get a reply for
longer.

( more further below also on where I am stuck a little right now... )
> 
> Am 05.12.2018 21:11, schrieb Jens Kasten:
>> Hello,
>>
>> you have to enable initrd support in kernel configuration in rsbac
>> section.

It was:
CONFIG_RSBAC_INIT_DELAY=y
that solved my issue.

My current issue is:
I don't have a secoff, and am unable to find how I am supposed to create
it, all the details on that...

The only place I was able to find some indication where it might be
explained is:

https://wiki.gentoo.org/wiki/RSBAC/Quickstart

> root #emerge --ask rsbac-admin
>
> Once emerged, the package will have created a new user account on your
> system (secoff, with uid 400). He will become the security
> administrator during the first boot. This is the only user, who is
> able to change the RSBAC configuration. He will commonly be called the
 > Security Officer
> Important
> Please set-up a secure password for the secoff user.

But familiarity with Gentoo I'm missing... I might need to find their
scripts and see how they do it (did it, they said the project was dead
in some links, because the main dev was missing, it's unclear if he
really returned in the meantime)...

And I'd like to set up logging as per:

https://www.rsbac.org/documentation/rsbac_handbook/configuration_basics/administration_examples/syslog-ng

except on Debian systems it is rsyslog, not syslog-ng.

https://www.rsbac.org/?do=search&id=secoff+create
returns nothing, and neither does:
https://www.rsbac.org/?do=search&id=secoff

How exactly do I create secoff uid 400 ...

Regards!
Palon Setin

More information about the rsbac mailing list