Andrea Pasquinucci | 4 Apr 2006 09:02

Re: RSBAC 1.2.6pre4 released

On Tue, Mar 07, 2006 at 11:00:06AM +0100, kang wrote:
* 1.2.6pre4 released
* 
* RSBAC 1.2.6pre4 has been released for both kernels 2.4.32 and 2.6.15.

I cannot compile this kernel, I get the following 2 errors:

  CC      rsbac/adf/daz/dazuko_rsbac.o
In file included from rsbac/adf/daz/dazuko_rsbac.c:32:
rsbac/adf/daz/dazuko_rsbac.h:26:31: error: linux/modversions.h: No such file or directory
make[3]: *** [rsbac/adf/daz/dazuko_rsbac.o] Error 1
make[2]: *** [rsbac/adf/daz] Error 2
make[1]: *** [rsbac/adf] Error 2
make: *** [rsbac] Error 2

  CC      rsbac/data_structures/aci_data_structures.o
rsbac/data_structures/aci_data_structures.c: In function 'rsbac_init':
rsbac/data_structures/aci_data_structures.c:8015: error: variable 'rc_init_p_aci' has initializer but incomplete type
rsbac/data_structures/aci_data_structures.c:8015: error: 'DEFAULT_RC_P_INIT_ACI' undeclared (first use in this function)
rsbac/data_structures/aci_data_structures.c:8015: error: (Each undeclared identifier is reported only once
rsbac/data_structures/aci_data_structures.c:8015: error: for each function it appears in.)
rsbac/data_structures/aci_data_structures.c:8015: error: storage size of 'rc_init_p_aci' isn't known
rsbac/data_structures/aci_data_structures.c:8016: warning: unused variable 'init_pid'
rsbac/data_structures/aci_data_structures.c:8015: warning: unused variable 'rc_init_p_aci'
rsbac/data_structures/aci_data_structures.c:8014: warning: unused variable 'p'
rsbac/data_structures/aci_data_structures.c:8013: warning: unused variable 'rsbac_kthread_entry'
make[2]: *** [rsbac/data_structures/aci_data_structures.o] Error 1

Amon Ott | 4 Apr 2006 13:15

Re: RSBAC 1.2.6pre4 released

Hi Andrea!

On Tuesday 04 April 2006 09:02, Andrea Pasquinucci wrote:
> On Tue, Mar 07, 2006 at 11:00:06AM +0100, kang wrote:
> * 1.2.6pre4 released
> * 
> * RSBAC 1.2.6pre4 has been released for both kernels 2.4.32 and 2.6.15.
> 
> I cannot compile this kernel, I get the following 2 errors:
> 
>   CC      rsbac/adf/daz/dazuko_rsbac.o
> In file included from rsbac/adf/daz/dazuko_rsbac.c:32:
> rsbac/adf/daz/dazuko_rsbac.h:26:31: error: linux/modversions.h: No such file or directory
> make[3]: *** [rsbac/adf/daz/dazuko_rsbac.o] Error 1
> make[2]: *** [rsbac/adf/daz] Error 2
> make[1]: *** [rsbac/adf] Error 2
> make: *** [rsbac] Error 2

This should be fixed in latest svn.

>   CC      rsbac/data_structures/aci_data_structures.o
> rsbac/data_structures/aci_data_structures.c: In function 'rsbac_init':
> rsbac/data_structures/aci_data_structures.c:8015: error: variable 'rc_init_p_aci' has initializer but incomplete type
> rsbac/data_structures/aci_data_structures.c:8015: error: 'DEFAULT_RC_P_INIT_ACI' undeclared (first use in this function)
> rsbac/data_structures/aci_data_structures.c:8015: error: (Each 

gabor.horvath | 7 Apr 2006 08:38

Boot Role question

Dear Members, 

I'd appreciate if someone could answer my questions. Formerly I used wrapper 
roles to start the rsbac system. They worked OK. Now I want to test the 
boot role to reduce the number of necessary 'wrapper' roles.

1. When does the run of the boot role end? I mean if it starts anything 
which doesn't have a force role then it will run with Boot Role, won't it?
2. How can I be sure that all processes with boot role have ended?

Thank you very much.

Gábor Horváth
mailto:gabor.horvath <at> konicaminolta.hu

Amon Ott | 7 Apr 2006 09:53

Re: Boot Role question

On Friday 07 April 2006 08:38, gabor.horvath <at> konicaminolta.hu wrote:
> I'd appreciate if someone could answer my questions. Formerly I used wrapper 
> roles to start the rsbac system. They worked OK. Now I want to test the 
> boot role to reduce the number of necessary 'wrapper' roles.
> 
> 1. When does the run of the boot role end? I mean if it starts anything 
> which doesn't have a force role then it will run with Boot Role, won't it?

Exactly. I recommend a global "System Setup" role as force role on rcS 
etc., so that only kernel threads and init run with boot role.

> 2. How can I be sure that all processes with boot role have ended?

I have a little script for secoff to show all roles:

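# Print "pid command: role" for every process (run as secoff).
ps ax|cut -c 1-6,28-|while read -r pid name
do
  [ "$pid" = "PID" ] && continue   # skip the ps header line
  echo -n "$pid $name: "
  attr_get_process RC "$pid" rc_role
done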

Once in a while I use it to check that all roles are as expected. BTW, 
I have a similar one for jails:

ps ax|cut -c 1-6,28-|while read pid name
do
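One way to check the second question mechanically, as an added example that is not part of the thread or of RSBAC: it filters a listing in the "pid command: role" shape printed by the role script above and reports everything except init and kernel threads that still has the boot role. The bare-number output of attr_get_process and the boot role number 999999 are assumptions, the function names are hypothetical, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Input lines look like
# "<pid> <command>: <role>", as printed by the role listing script.
# ASSUMPTIONS: attr_get_process prints the bare role number, and 999999
# is the boot role number; pass your own number as $1 if it differs.

# Constructed sample listing (not real output).
sample_listing() {
  cat <<'EOF'
1 init [2]: 999999
2 [ksoftirqd/0]: 999999
3 [events/0]: 999999
412 /sbin/syslogd: 5
498 /usr/sbin/sshd: 7
530 /sbin/mgetty ttyS0: 999999
EOF
}

# Print "pid command" for every process that still runs with the boot
# role, except init (pid 1) and kernel threads, which ps shows as [name].
boot_role_leftovers() {
  awk -v boot="${1:-999999}" '
    $NF != boot { next }             # some other role: nothing to report
    $1 == 1     { next }             # init is expected to keep the boot role
    {
      name = $0
      sub(/^[0-9]+ +/, "", name)     # drop the pid
      sub(/: *[0-9]+$/, "", name)    # drop ": role"
      # Heuristic: brackets are how ps renders an empty command line,
      # so this is a hint, not proof, that the entry is a kernel thread.
      if (name ~ /^\[.*\]$/) next
      print $1, name
    }'
}

sample_listing | boot_role_leftovers
```

On a live system the input would come from the role script instead of `sample_listing`; an empty result means only init and kernel threads are left in the boot role.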

gabor.horvath | 7 Apr 2006 10:09

Reply: Re: Boot Role question

Thank you, that's very good. Though I thought forcing a role to e.g. rcS 
is inefficient 'cause only binaries can change their role not scripts. Or 
did I miss something?

Gábor Horváth 
mailto:gabor.horvath <at> konicaminolta.hu

Amon Ott <ao <at> rsbac.org>
Sender: rsbac-bounces <at> rsbac.org
2006.04.07 09:53
Please respond to: RSBAC Discussion and Announcements

       To:         RSBAC Discussion and Announcements <rsbac <at> rsbac.org>
       Cc:
       Subject:    Re: [rsbac] Boot Role question

On Friday 07 April 2006 08:38, gabor.horvath <at> konicaminolta.hu wrote:
> I'd appreciate if someone could answer my questions. Formerly I used wrapper 
> roles to start the rsbac system. They worked OK. Now I want to test the 
> boot role to reduce the number of necessary 'wrapper' roles.
> 
> 1. When does the run of the boot role end? I mean if it starts anything 
> which doesn't have a force role then it will run with Boot Role, won't it?

Exactly. I recommend a global "System Setup" role as force role on rcS 

Amon Ott | 7 Apr 2006 10:17

Re: Reply: Re: [rsbac] Boot Role question

On Friday 07 April 2006 10:09, gabor.horvath <at> konicaminolta.hu wrote:
> Thank you, that's very good. Though I thought forcing a role to e.g. rcS 
> is inefficient 'cause only binaries can change their role not scripts. Or 
> did I miss something?

rcS is started with exec, so the force role works fine. And all 
daemons get started by this script or by rc, so they get the role, 
too.

Some distros source init scripts, so the force role does not work for 
them. I changed them to real exec here. A bit slower, but more 
secure.

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
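
The point about sourced init scripts can be audited: as an added example (not from the thread or from RSBAC), the function below lists every place where a script sources another file instead of executing it, since a sourced file runs inside the calling shell and no exec happens for it. The function names are hypothetical, the matching is a heuristic, and the sample rc script is constructed.

```shell
#!/bin/sh
# Added example, not from the thread: find "." and "source" commands in
# an init script. Each hit is a file that runs without an exec of its
# own, so a force role set on that file is not applied.

# Constructed sample of an rc runner (not taken from any distribution).
sample_rc() {
  cat <<'EOF'
#!/bin/sh
# run all start scripts
for i in /etc/rcS.d/S??*; do
  case "$i" in
    *.sh) ( set start; . "$i" ) ;;
    *)    "$i" start ;;
  esac
done
./local-setup start
source /etc/rc.extra
EOF
}

# Read a script on stdin and print "line:text" for every "." or "source"
# command. "./prog" and words such as "resource" do not match, and
# whole-line comments are dropped. Sourced configuration files are
# reported too, so treat the output as a list to review.
find_sourced() {
  grep -nE '(^|[;&|({[:space:]])(\.|source)[[:space:]]+[^[:space:]#]' |
    grep -vE '^[0-9]+:[[:space:]]*#' || true
}

sample_rc | find_sourced
```

Run it against a real script with `find_sourced < /etc/init.d/rc` (path given as an illustration); each reported line is a candidate for the change to a real exec described above.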
gabor.horvath | 7 Apr 2006 10:21

Reply: Re: Reply: Re: Boot Role question

OK, and what about getty (mgetty)? Isn't it dangerous having the terminals 
run by Boot Role? Though I know if someone logs in then s/he switches to 
security officer role.

Thank you.

Gábor Horváth
mailto:gabor.horvath <at> konicaminolta.hu

Amon Ott <ao <at> rsbac.org>
Sender: rsbac-bounces <at> rsbac.org
2006.04.07 10:17
Please respond to: RSBAC Discussion and Announcements

       To:         RSBAC Discussion and Announcements <rsbac <at> rsbac.org>
       Cc:
       Subject:    Re: Reply: Re: [rsbac] Boot Role question

On Friday 07 April 2006 10:09, gabor.horvath <at> konicaminolta.hu wrote:
> Thank you, that's very good. Though I thought forcing a role to e.g. rcS 
> is inefficient 'cause only binaries can change their role not scripts. Or 
> did I miss something?

rcS is started with exec, so the force role works fine. And all 
daemons get started by this script or by rc, so they get the role, 
too.

gabor.horvath | 7 Apr 2006 13:41

Delete rsbac settings easily?

Is there an 'easy' way to delete rsbac settings completely? I'm 
reorganizing my settings and it's exhausting to reboot with a non-rsbac 
kernel, remove all rsbac.dat dirs, reboot again and restore settings.

Thank you !

Gábor Horváth 
mailto:gabor.horvath <at> konicaminolta.hu

Amon Ott | 7 Apr 2006 14:07

Re: Delete rsbac settings easily?

On Friday 07 April 2006 13:41, gabor.horvath <at> konicaminolta.hu wrote:
> Is there an 'easy' way to delete rsbac settings completely? I'm 
> reorganizing my settings and it's exhausting to reboot with a non-rsbac 
> kernel, remove all rsbac.dat dirs, reboot again and restore settings.

You could make a script for this. attr_rm_* can help a bit.

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

gabor.horvath | 7 Apr 2006 14:24

Reply: Re: Delete rsbac settings easily?

Thank you for your help! Unfortunately I'm not very familiar with the 
command line tools but I'll have a look at them.
Kind regards,

Horváth Gábor
network and system administrator / IT specialist

Konica Minolta Hungary
Tel:+36-1-4649-013

mailto:gabor.horvath <at> konicaminolta.hu
http://www.konicaminolta.hu

Interested in the latest Konica Minolta news? Subscribe to our 
regular newsletter! http://www.konicaminolta.hu/hirlevel

Amon Ott <ao <at> rsbac.org>
Sender: rsbac-bounces <at> rsbac.org
2006.04.07 14:07
Please respond to: RSBAC Discussion and Announcements

       To:         RSBAC Discussion and Announcements <rsbac <at> rsbac.org>
       Cc:
       Subject:    Re: [rsbac] Delete rsbac settings easily?

On Friday 07 April 2006 13:41, gabor.horvath <at> konicaminolta.hu wrote:
> Is there an 'easy' way to delete rsbac settings completely? I'm 
> reorganizing my settings and it's exhausting to reboot with a non-rsbac 

