Re[8]: RSBAC v1.1.1 problem


From: Keith Matthews <keith_m@sweeney.demon.co.uk>
Subject: Re[8]: RSBAC v1.1.1 problem
Date: Thu, 12 Apr 2001 21:06:42 +0100 (BST)



On Thu, 12 Apr 2001 12:17:03 +0200 Amon Ott <ao@rsbac.org> wrote:


> There are several solutions to the version name problems, all of which do not
> solve all requirements.
>
> Reqs:
> - RSBAC kernels need distinct version string, because modules might need
> additional symbols
> - The version string should only be changed, if RSBAC is enabled (reason: s.a.)
> - If CONFIG_RSBAC is off, the resulting kernel must be original kernel
>

I think there is one extra here:

 - The version string must be available fully to any modules that are not
compiled as part of the kernel compile.

Admittedly these should be rare for security reasons. Indeed I cannot
think of any other than pcmcia-cs, but there probably are around the funny
drivers area. It would be interesting to see what Alcatel's SpeedTouch USB
DSL modem driver makes of it.

> Probs:
> - Changing EXTRAVERSION is always active, because .config gets read after
> building full version string
> - Modifying version string (as done now) gives dependency probs, because
> version.h does have a dependency entry for CONFIG_RSBAC (thus the touch
> Makefile)
>

i.e. it clashes with my new requirement above.

> What we could do is just add -rsbac to EXTRAVERSION and say, whoever patches in
> RSBAC means to have it on anyway. This would also remove the dependency problem.
>

I eventually solved the problem along these lines by adding 'r' to the
existing version string and commenting out the modified one in the
makefile. All worked fine after that, card services came up, the ethernet
driver started up, ipchains worked fine and the machine is talking to the
rest of the network.

I still have to understand how to control AUTH etc to do what I want but
that is a (very) different matter.

> The disadvantage is that you would have to build a standard kernel from another
> tree, with another 70-150 MB of disk space.
>

<cynical mode> With minimum HDD sizes for new disks currently at 20 Gb and growing would
that matter to many users.</cynical mode>


--
Keith Matthews

Frequentous Consultants  - Linux Services,
		Oracle development & database administration

