From: Jörgen Sigvardsson <jorgen.sigvardsson@kau.se>
Subject: Re: UML+RSBAC = TRUE...?
Date: Fri, 9 Feb 2001 14:17:31 +0100
Next Article (by Date): weird patch? Jörgen Sigvardsson
Previous Article (by Date): Re: UML+RSBAC = TRUE...? Jörgen Sigvardsson
Top of Thread: UML+RSBAC = TRUE...? Jörgen Sigvardsson
Next in Thread: Re: UML+RSBAC = TRUE...? Amon Ott
Articles sorted by: [Date]
[Author]
[Subject]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday 09 February 2001 13:53, you wrote: > Please have a close look what syscalls are implemented under arch/um - > those have to be intercepted. Please be careful, because some platform > independent interceptions are in subfunctions, e.g. do_execve. Will do that. I knew there was something more to it than this.. (it took me about 4 hours to do this including lunch :) > > I am currently working on linux 2.4.0 code base since there are no > > RSBAC-patches available for linux 2.4.1 yet. Any status on the 2.4.1 > > patch? > > Just uploaded, together with 1.1.1-pre3. Please try to use this version, > because it contains some fixes and new interceptions for read-write. I'll get to work on it as soon as I have gotten a positive boot up. Right now the RSBAC does not work correctly. This is what I get when I boot up: - ----8<---------- VFS: Mounted root (ext2 filesystem) readonly. rsbac_mount(): RSBAC not initialized Mounted devfs on /dev rsbac_init(): Initializing RSBAC v1.1.1 rsbac_init(): compiled modules: FF RC AUTH REG ACL rsbac_init(): File/Dir ACI partly not found on device 98:00! rsbac_init(): Dev ACI could not be read! rsbac_init(): User ACI could not be read - generating standard entries! rsbac_init(): Registering RSBAC proc dir rsbac_init_rc(): Initializing RSBAC: RC subsystem rsbac_init_rc(): roles could not be sufficiently read, error RSBAC_ENOTFOUND, default role entries might be used! - ----8<---------- And then hell breaks loose. (to put it mildly) I'm currently investigating it, but if you have a hint of what may be wrong, I'd gladly accept the hint. I read in the docs that after 1.0.9 no administration prior to rsbac boot up is not needed since it would automagically setup ACI. > > Once the system seems to run fine, you can have a look into > /proc/rsbac-info/xstats. It will show which requests actually happen, and > which ones do not. The 0 ones that are usually not 0 mean a missing > interception. - -- Jörgen Sigvardsson, B. Sc. Lecturer, Computer Science Dept. Karlstad University Tel: +46-(0)54-700 1786 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.3 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6g+3rJtcD8rikkmwRAvHUAJ4uWXQbTnvDwFziBTbJpURTO9iW8ACfe3d9 Fga56hN2ziJcR0jBleWzbUE= =cUnp -----END PGP SIGNATURE----- - To unsubscribe from the rsbac list, send a mail to majordomo@rsbac.org with unsubscribe rsbac as single line in the body.
Next Article (by Date): weird patch? Jörgen Sigvardsson
Previous Article (by Date): Re: UML+RSBAC = TRUE...? Jörgen Sigvardsson
Top of Thread: UML+RSBAC = TRUE...? Jörgen Sigvardsson
Next in Thread: Re: UML+RSBAC = TRUE...? Amon Ott
Articles sorted by: [Date]
[Author]
[Subject]