Re: UML+RSBAC = TRUE...?


From: Jörgen Sigvardsson <jorgen.sigvardsson@kau.se>
Subject: Re: UML+RSBAC = TRUE...?
Date: Fri, 9 Feb 2001 14:17:31 +0100

Next Article (by Author): weird patch? Jörgen Sigvardsson
Previous Article (by Author): Re: UML+RSBAC = TRUE...? Jörgen Sigvardsson
Top of Thread: UML+RSBAC = TRUE...? Jörgen Sigvardsson
Next in Thread: Re: UML+RSBAC = TRUE...? Amon Ott
Articles sorted by: [Date] [Author] [Subject]


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 09 February 2001 13:53, you wrote:
> Please have a close look what syscalls are implemented under arch/um -
> those have to be intercepted. Please be careful, because some platform
> independent interceptions are in subfunctions, e.g. do_execve.
Will do that. I knew there was something more to it than this.. (it took me 
about 4 hours to do this including lunch :)

> > I am currently working on linux 2.4.0 code base since there are no
> > RSBAC-patches available for linux 2.4.1 yet. Any status on the 2.4.1
> > patch?
>
> Just uploaded, together with 1.1.1-pre3. Please try to use this version,
> because it contains some fixes and new interceptions for read-write.
I'll get to work on it as soon as I have gotten a positive boot up.
Right now the RSBAC does not work correctly. This is what I get when I boot 
up:

- ----8<----------
VFS: Mounted root (ext2 filesystem) readonly.
rsbac_mount(): RSBAC not initialized
Mounted devfs on /dev
rsbac_init(): Initializing RSBAC v1.1.1
rsbac_init(): compiled modules: FF RC AUTH REG ACL
rsbac_init(): File/Dir ACI partly not found on device 98:00!
rsbac_init(): Dev ACI could not be read!
rsbac_init(): User ACI could not be read - generating standard entries!
rsbac_init(): Registering RSBAC proc dir
rsbac_init_rc(): Initializing RSBAC: RC subsystem
rsbac_init_rc(): roles could not be sufficiently read, error RSBAC_ENOTFOUND, 
default role entries might be used!
- ----8<----------

And then hell breaks loose. (to put it mildly)
I'm currently investigating it, but if you have a hint of what may be wrong, 
I'd gladly accept the hint. I read in the docs that after 1.0.9 no 
administration prior to rsbac boot up is not needed since it would 
automagically setup ACI.

>
> Once the system seems to run fine, you can have a look into
> /proc/rsbac-info/xstats. It will show which requests actually happen, and
> which ones do not. The 0 ones that are usually not 0 mean a missing
> interception.

- -- 
Jörgen Sigvardsson, B. Sc.
Lecturer, Computer Science Dept. Karlstad University
Tel: +46-(0)54-700 1786
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.3 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE6g+3rJtcD8rikkmwRAvHUAJ4uWXQbTnvDwFziBTbJpURTO9iW8ACfe3d9
Fga56hN2ziJcR0jBleWzbUE=
=cUnp
-----END PGP SIGNATURE-----
-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Author): weird patch? Jörgen Sigvardsson
Previous Article (by Author): Re: UML+RSBAC = TRUE...? Jörgen Sigvardsson
Top of Thread: UML+RSBAC = TRUE...? Jörgen Sigvardsson
Next in Thread: Re: UML+RSBAC = TRUE...? Amon Ott
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.