Re: BUGFIX: Loading kernel modules with ACL turned on

From: ao@morpork.shnet.org (A. Ott)
Subject: Re: BUGFIX: Loading kernel modules with ACL turned on
Date: 05 Oct 1999 12:27:00 +0200

Next Article (by Date): Re: Usage of RSBAC ? ao@morpork.shnet.org (A. Ott)
Previous Article (by Date): Usage of RSBAC ? Luc Stepniewski
Top of Thread: BUGFIX: Loading kernel modules with ACL turned on ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date] [Author] [Subject]

********* ***************** ********** ****  *****   ***** ************
  To subject BUGFIX: Loading kernel modules with ACL turned on
  ao@morpork.shnet.org (A. Ott)  wrote:
********** ******************** ******  ********  ******* *************

> Please apply the following patch to give ADD_TO_KERNEL right to root:
>
>
> --- acl_data_structures.h~	Mon Oct  4 15:39:25 1999
> +++ acl_data_structures.h	Mon Oct  4 16:05:53 1999
> @@ -101,7 +101,6 @@
>  #define RSBAC_ACL_SYSADM_SCD_OTHER_ENTRY \
>     { ACLS_USER, \
>       RSBAC_SYSADM_UID, \
> -     ( RSBAC_NONE_REQUEST_VECTOR & \
>         ( \
>            ((rsbac_request_vector_t) 1 << R_ADD_TO_KERNEL) \
>          | ((rsbac_request_vector_t) 1 << R_MOUNT) \
> @@ -109,7 +108,6 @@
>          | ((rsbac_request_vector_t) 1 << R_UMOUNT) \
>          | ((rsbac_request_vector_t) 1 << R_SHUTDOWN) \
>         ) \
> -     ) \
>       | RSBAC_ACL_SYSADM_RIGHTS_VECTOR }
>
>  #define RSBAC_ACL_GENERAL_P_ENTRY \

Please note that this is only a temporary workaround. The real fix is  
different, and the tools also need minor changes.

I will bring out a 1.0.9a version with other ACL fixes and (hopefully)  
kernel 2.2.13 support soon. There is no dangerous known bug, though, so  
you can safely continue using 1.0.9.

Amon.

--
Please remove second ao for E-Mail reply - no spam please!
## CrossPoint v3.11 ##
-
To unsubscribe from the rsbac list, send a mail to
majordomo@morpork.shnet.org with
unsubscribe rsbac
as single line in the body.

Go to Compuniverse LWGate Home Page.