dazuko-help

Re: [Dazuko-help] compile problem


From: John Ogness
Subject: Re: [Dazuko-help] compile problem
Date: Mon, 27 Sep 2004 08:13:38 +0200
User-agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.1) Gecko/20040808

Benjamin Adler wrote:
> I have:
> [*] RSBAC support for DAZuko policy
>         DAZ Policy Options  --->
>         [*]   Cache scanning results
>         (86400)     Scanning result lifetime in seconds
>         [ ]       Keep scanning results over reboot
>         (254)   Dazuko device major number

Hi,

I would recommend configuring RSBAC without the cache feature:

[ ]   Cache scanning results
(254)   Dazuko device major number

Once you have the kernel built you still need to create the Dazuko device:

# mknod -m 666 /dev/dazuko c 254 0

Normally you would not want /dev/dazuko to have 666 permissions, but with RSBAC the access control is done differently. With RSBAC you have to mark the applications that are allowed to interact with Dazuko. You do this by running the administration program:

$ rsbac_fd_menu example

This will allow you to set the "example" binary to be a DAZ_scanner:

DAZ Scanner:   1 / On

Note: to run the rsbac_fd_menu program, you will need to be the security officer (user 400).

Once you have done all that, then you can run the example program. The example program checks to see if you are root. For RSBAC it is not necessary to be root, but since it is hard-coded in the example program, you will either have to remove the check from example.c or be root.

Once you get everything up and running, you will see how well Dazuko and RSBAC work together.

Someday I hope to add this information to the Dazuko website.

John Ogness

--
Dazuko Maintainer
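
A check for the device-node step in the message above, as an added example that is not part of the original post or of the Dazuko or RSBAC code: it verifies that /dev/dazuko is a character device whose numbers match the major configured in the kernel (254 here) and reports whether the node is world-writable. The function names are hypothetical, and GNU coreutils `stat` on Linux is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU coreutils stat (Linux).
# Function names are hypothetical.

# check_dev_node PATH MAJOR MINOR
# Returns 0 if PATH is a character device with the given numbers,
# 1 if it is missing or not a character device, 2 if the numbers differ.
check_dev_node() {
    path=$1; want_major=$2; want_minor=$3
    [ -c "$path" ] || return 1
    # %t and %T print the major and minor device numbers in hex
    set -- $(stat -L -c '%t %T' "$path")
    [ "$((0x$1))" -eq "$want_major" ] || return 2
    [ "$((0x$2))" -eq "$want_minor" ] || return 2
    return 0
}

# is_world_writable PATH
# Returns 0 if the "other" permission bits include write.
is_world_writable() {
    mode=$(stat -L -c '%a' "$1") || return 2
    last=${mode#"${mode%?}"}          # last octal digit = "other" bits
    [ $((last & 2)) -ne 0 ]
}

# report_node PATH MAJOR MINOR: print a human-readable verdict.
report_node() {
    rc=0
    check_dev_node "$1" "$2" "$3" || rc=$?
    case $rc in
        1) echo "$1: missing or not a character device"; return 1 ;;
        2) echo "$1: device numbers do not match $2,$3"; return 2 ;;
    esac
    echo "$1: character device $2,$3"
    if is_world_writable "$1"; then
        # With mode 666 the node itself restricts nobody; access then
        # depends on which binaries RSBAC has marked as DAZ scanners.
        echo "$1: world-writable, access control relies on RSBAC"
    fi
}

# 254 is the major number from the kernel configuration in the message.
report_node /dev/dazuko 254 0 || true
```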



