Re: UML+RSBAC = TRUE...?

From: Amon Ott <ao@rsbac.org>
Subject: Re: UML+RSBAC = TRUE...?
Date: Mon, 12 Feb 2001 09:11:10 +0100

Next Article (by Date): Re: UML+RSBAC = TRUE...? Amon Ott
Previous Article (by Date): Re: weird patch? Amon Ott
Top of Thread: UML+RSBAC = TRUE...? Jörgen Sigvardsson
Next in Thread: Re: UML+RSBAC = TRUE...? Amon Ott
Articles sorted by: [Date] [Author] [Subject] 

On Fre, 09 Feb 2001 Jörgen Sigvardsson wrote:
> > > I am currently working on linux 2.4.0 code base since there are no
> > > RSBAC-patches available for linux 2.4.1 yet. Any status on the 2.4.1
> > > patch?
> >
> > Just uploaded, together with 1.1.1-pre3. Please try to use this version,
> > because it contains some fixes and new interceptions for read-write.
> I'll get to work on it as soon as I have gotten a positive boot up.
> Right now the RSBAC does not work correctly. This is what I get when I boot 
> up:
> 
> - ----8<----------
> VFS: Mounted root (ext2 filesystem) readonly.
> rsbac_mount(): RSBAC not initialized
> Mounted devfs on /dev
> rsbac_init(): Initializing RSBAC v1.1.1
> rsbac_init(): compiled modules: FF RC AUTH REG ACL
> rsbac_init(): File/Dir ACI partly not found on device 98:00!
> rsbac_init(): Dev ACI could not be read!
> rsbac_init(): User ACI could not be read - generating standard entries!
> rsbac_init(): Registering RSBAC proc dir
> rsbac_init_rc(): Initializing RSBAC: RC subsystem
> rsbac_init_rc(): roles could not be sufficiently read, error RSBAC_ENOTFOUND, 
> default role entries might be used!
> - ----8<----------
> 
> And then hell breaks loose. (to put it mildly)

What exactly breaks loose here? As hell seems to happen during RC init, you
could try kernel parameter 'rsbac_debug_ds_rc'.

> I'm currently investigating it, but if you have a hint of what may be wrong, 
> I'd gladly accept the hint. I read in the docs that after 1.0.9 no 
> administration prior to rsbac boot up is not needed since it would 
> automagically setup ACI.

All necessary setup happens during init, when stuff is loaded. After that,
nothing is added automatically any more.

My usual procedure, if I get an early crash:

Start with a maint kernel without proc, module support and write-to-disk and
see if that one comes up.

Next, turn on proc, then write-to-disk, then the modules. From the first version
that crashes try to organize a log for me with kernel parameters 'debug' and
rsbac_debug_ds. If a crash happens during module init, rsbac_debug_<modname>
should also be tried.

After that, turn on the rest of the features. Most of them are harmless,
because they change internal behaviour.

Amon.
-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Date): Re: UML+RSBAC = TRUE...? Amon Ott
Previous Article (by Date): Re: weird patch? Amon Ott
Top of Thread: UML+RSBAC = TRUE...? Jörgen Sigvardsson
Next in Thread: Re: UML+RSBAC = TRUE...? Amon Ott
Articles sorted by: [Date] [Author] [Subject]

Go to Compuniverse LWGate Home Page.