===== Preparing your boot loader =====

You will need a few special options for you first RSBAC boot.
If you need, we have a complete (and extensive) list of [[documentation:rsbac_handbook:appendixes:rsbac_reference:kernel_parameters|kernel parameters]].

When you boot, the default RSBAC policy will disallow any setuid call. It means you will not be able to log in!
To alleviate this, you can tell RSBAC at boot time that we allow ''/bin/login'' (the program taking care of console logins) to set uids, by adding the ''rsbac_auth_enable_login'' parameter:
//Note: please see the next paragraph before blindly following instructions here. You will probably rather use Softmode for the first boot.//

lilo:
FIXME

Grub:
<code>
# edit /boot/grub/grub.conf (or /boot/grub/menu.lst) or equivalent:
kernel /boot/your-rsbac-kernel-image rsbac_auth_enable_login
</code>


You can now reboot and check if everything is fine. You will be able to login as root and secoff (sometimes called so, it's the Security Officer), but many things might fail to start and will not work because they are denied.

**Important:** An easier, and also recommanded solution is to enable the Softmode, for the first time.

==== What is Softmode ? ====

As the name implies, Softmode does not enforce the RSBAC restrictions. You will still see the denied entries in RSBAC's log, but everything will work as it would on a normal system.
This way, you can trigger every error and see what is getting denied and what needs to be allowed, in a flexible manner, without ever locking yourself out of the machine.

You can boot in Softmode by adding the ''rsbac_softmode'' parameter:

lilo:
FIXME

Grub:
<code>
# edit /boot/grub/grub.conf (or /boot/grub/menu.lst) or equivalent:
kernel /boot/your-rsbac-kernel-image rsbac_softmode
</code>

**Important:** please remember to turn off the Softmode options when your system is ready and completely configured !
This is only a convenience option and could lower your system security if left on.

You can now start your computer with the RSBAC enabled kernel !


===== Troubleshooting boot problems =====

  * Are you using a ramdisk or initrd ?
    * If so you will need to check the "Delayed init for initial ramdisk" option (''CONFIG_RSBAC_INIT_DELAY'') inside of the "General RSBAC options" in your [[installing_from_source|kernel configuration]]


\\ 
----
**Table of Contents:** [[documentation:rsbac_handbook|RSBAC Handbook]]\\
**Previous:** [[choosing_the_right_package|Choosing the right package]]\\
**Previous alternative:** [[.installing_from_source:administration_tools|Installing Administration Tools from source]]\\ 
**Next:** [[:documentation:rsbac_handbook:configuration_basics|Configuration]]