Re: [Dazuko-help] compile problem
From: Benjamin Adler
Subject: Re: [Dazuko-help] compile problem
Date: Wed, 29 Sep 2004 01:02:17 +0200
User-agent: KMail/1.7.50
Hello John!
I'm really sorry to bug you again, it just won't work :(
# ls -ld /usr/src/linux
lrwxrwxrwx 1 root root 30 Sep 27 12:02 /usr/src/linux -> linux-2.6.8.1-rsbac-v1.2.3-bf3
# uname -r
2.6.8.1-rsbac
I'm booting the kernel with rsbac_softmode, otherwise I cannot even boot (it
seems to be unable to find /dev/hda then).
# ls -l /dev/dazuko
crw-rw-rw- 1 root root 254, 0 Sep 29 2004 /dev/dazuko
make menuconfig says:
[*] Rule Set Based Access Control (RSBAC)
General RSBAC options --->
[ ] Initialize RSBAC in separate kernel thread
[*] RSBAC proc support
[*] Check on init
[ ] Disable RSBAC writing to disk
[ ] Allow attribute writing on MSDOS filesystems
(5) RSBAC auto write to disk interval in seconds
[*] RSBAC debugging support
[ ] Provide DEV and USER backup files
(400) RSBAC default security officer user ID
[ ] Delayed init for initial ramdisk
[ ] RSBAC Maintenance Kernel (Use with care!)
Decision module (policy) options --->
[*] Support for Registration of decision modules (REG)
[ ] Build REG sample modules
[ ] RSBAC support for MAC policy
[ ] RSBAC support for FC policy
[ ] RSBAC support for SIM policy
[ ] RSBAC support for PM policy
[*] RSBAC support for DAZuko policy
DAZ Policy Options --->
[ ] Cache scanning results
(254) Dazuko device major number
[ ] RSBAC support for FF policy
[ ] RSBAC support for RC policy
[ ] RSBAC support for AUTH policy
[ ] RSBAC support for ACL policy
[ ] RSBAC support for Linux Caps (CAP) policy
[ ] RSBAC support for JAIL policy
[ ] RSBAC support for PAX policy
[ ] RSBAC support for System Resources (RES) policy
Softmode and switching --->
[ ] RSBAC policies switchable
[*] RSBAC soft mode
[ ] Toggle soft mode with SysRq-X
[*] Individual module softmode support
Logging --->
[*] Individual file/dir/dev object logging
[*] Individual user logging
[*] Individual program logging
[*] Log full path
(512) Maximum path length (256 - 4000)
[*] RSBAC own logging facility
[*] Allow to disable logging to syslog
[ ] Log to remote UDP network socket
[*] RSBAC symlink redirection
[*] Add user ID number
[*] Add RC role number
[ ] Allow disabling of Linux filesystem access control
Other RSBAC options --->
[ ] Support secure_delete
[*] Intercept sys_read and sys_write
[*] Intercept Semaphore IPC operations
[*] Control DAC process owner (seteuid, setfsuid)
[*] Hide processes in /proc
[*] RSBAC check sys_syslog
[ ] Make RSBAC data files visible
[ ] No decision on net mounts
[ ] X support (normal user MODIFY_PERM access to ST_ioports)
[ ] Faked root uid
[*] RSBAC extra statistics
With
secoff $ rsbac_fd_menu /tmp/dazuko-2.0.4-pre2/example_c/example
I made sure "DAZ Scanner" is set to "1 / On". I don't really know about the
other settings: "DAZ Scanned" is set to "N/A", "Attribute Get Mode" is
"real", all other settings are either N/A or empty.
Now, as both root and secoff:
# /tmp/dazuko-2.0.4-pre2/example_c/example
error: failed to register with Dazuko
$ /tmp/dazuko-2.0.4-pre2/example_c/example
error: failed to register with Dazuko
# strace /tmp/dazuko-2.0.4-pre2/example_c/example
execve("/tmp/dazuko-2.0.4-pre2/example_c/example", ["/tmp/dazuko-2.0.4-pre2/example_c/example"], [/* 39 vars */]) = 0
uname({sys="Linux", node="petterson", ...}) = 0
brk(0) = 0x804c000
open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory)
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=153231, ...}) = 0
mmap2(NULL, 153231, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40015000
close(3) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200Y\1"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1174424, ...}) = 0
mmap2(NULL, 1104676, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4003b000
mmap2(0x40143000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x107) = 0x40143000
mmap2(0x40147000, 6948, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40147000
close(3) = 0
munmap(0x40015000, 153231) = 0
open("/dev/urandom", O_RDONLY) = 3
read(3, "\27U\276\265", 4) = 4
close(3) = 0
brk(0) = 0x804c000
brk(0x806d000) = 0x806d000
brk(0) = 0x806d000
open("/dev/dazuko", O_RDWR) = 3
read(3, 0xbffff730, 31) = -1 EPERM (Operation not permitted)
close(3) = 0
fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 2), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40015000
write(1, "error: failed to register with D"..., 38error: failed to register with Dazuko
) = 38
munmap(0x40015000, 4096) = 0
exit_group(-1) = ?
The "Operation not permitted" on /dev/dazuko still happens when I chmod
777 /dev/dazuko. dmesg and /var/log/everything/current don't have any
rsbac/dazuko info at all (since I switched off the other modules).
Do you have any other ideas? Could there be a missing dazuko-lib? A conflict
between different versions maybe?
Thank you!
Ben Adler
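
Added example, not part of the original message and not Dazuko or RSBAC code: a small strace parser that follows descriptor reuse and reports whether the first failure on a given path happens at open() or on a later call against the opened descriptor. In the trace above, open("/dev/dazuko") succeeds and read() returns EPERM; the mode bits on the device node are evaluated at open(), so this is the "io" case. The function name `first_failure` is hypothetical and the sample lines are constructed from the trace in the message.

```python
import re

# Constructed sample: unwrapped strace lines modelled on the trace in the message.
SAMPLE = '''\
open("/etc/ld.so.cache", O_RDONLY) = 3
close(3) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\\177ELF"..., 512) = 512
close(3) = 0
open("/dev/urandom", O_RDONLY) = 3
read(3, "\\27U\\276\\265", 4) = 4
close(3) = 0
open("/dev/dazuko", O_RDWR) = 3
read(3, 0xbffff730, 31) = -1 EPERM (Operation not permitted)
close(3) = 0
'''

# syscall(args) = return [ERRNO_NAME (description)]
CALL = re.compile(r'^(\w+)\((.*)\)\s+=\s+(-?\d+)(?:\s+([A-Z]+)\b)?')

def first_failure(trace, path):
    """Return (stage, syscall, errno_name) for the first failed call touching
    `path`, or None. stage is 'open' if the node could not be opened, else
    'io' for a failure on a descriptor that was opened on it successfully."""
    fds = {}  # fd -> path, updated as descriptors are opened, closed and reused
    for line in trace.splitlines():
        m = CALL.match(line.strip())
        if not m:
            continue
        name, args, ret, err = m.group(1), m.group(2), int(m.group(3)), m.group(4)
        if name in ("open", "openat"):
            q = re.search(r'"([^"]*)"', args)
            opened = q.group(1) if q else None
            if ret < 0:
                if opened == path:
                    return ("open", name, err)
            else:
                fds[ret] = opened
            continue
        first_arg = re.match(r'\s*(\d+)\b', args)  # calls whose first argument is an fd
        if not first_arg:
            continue
        fd = int(first_arg.group(1))
        if name == "close":
            fds.pop(fd, None)
        elif ret < 0 and fds.get(fd) == path:
            return ("io", name, err)
    return None
```
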