From valizadeh82 at yahoo.com Mon Aug 15 21:10:14 2011
From: valizadeh82 at yahoo.com (ali valizadeh)
Date: Mon, 15 Aug 2011 12:10:14 -0700 (PDT)
Subject: [rsbac] Boot Role
Message-ID: <1313435414.81119.YahooMailNeo@web130202.mail.mud.yahoo.com>

Hello all,

I have compiled an RSBAC kernel with the RC and AUTH modules enabled. I could set the AUTH policy to boot the system with it (RC is in softmode). However, I couldn't boot the system with RC. I have checked that at boot time /sbin/init contains the Boot Role (999999) as initial_role, but the system couldn't boot with the role. There are many "NOT_GRANTED by RC" messages for processes such as dbus-daemon, avahi-daemon, hal-daemon and others. If the init process is the parent of the other processes, and the RSBAC system supports inheritance, why can't the other processes get the Boot Role (in my test the role of the other processes is General user (0) and I expect it to be Boot Role!)?

Please help me to boot the system with the Boot Role (999999). Thanks in advance for your help.

Regards,
Ali

From tazok.id0 at gmail.com Mon Aug 15 23:11:23 2011
From: tazok.id0 at gmail.com (Javier Juan Martínez Cabezón)
Date: Mon, 15 Aug 2011 23:11:23 +0200
Subject: [rsbac] Boot Role
In-Reply-To: <1313435414.81119.YahooMailNeo@web130202.mail.mud.yahoo.com>
References: <1313435414.81119.YahooMailNeo@web130202.mail.mud.yahoo.com>
Message-ID:

If the message is exactly this (NOT GRANTED by RC), RC is not in softmode but in secure mode (in global softmode you would see NOT GRANTED (softmode) by RC). Add the boot parameter rsbac_softmode / rsbac_softmode_rc to your grub/lilo to switch to softmode.

I don't remember the default values of init, but you could check the default values of the binaries and of /sbin/init itself, together with the boot role parameter definitions, to check what's up; you will find the reason for the change in there.

It is this way because of security concerns: nobody (no daemons, no initrd scripts, etc.) should run with the boot role. Maybe you should create separate roles for these binaries and make them run under those roles, isolating all you can.

By default in RC there is inheritance until a setuid or exec is done; when that happens, there could be triggers that change the new role. Check above.

You should check this too, take a look:
http://www.rsbac.org/documentation/rsbac_handbook/

Furthermore, you should add some more information, such as which distribution you use, the version of rsbac and things like this, because among other things these default parameters may change between versions.

2011/8/15 ali valizadeh

> Hello all,
>
> I have compiled an RSBAC kernel with the RC and AUTH modules enabled. I could set the AUTH policy to boot the system with it (RC is in softmode). However, I couldn't boot the system with RC. I have checked that at boot time /sbin/init contains the Boot Role (999999) as initial_role, but the system couldn't boot with the role. There are many "NOT_GRANTED by RC" messages for processes such as dbus-daemon, avahi-daemon, hal-daemon and others. If the init process is the parent of the other processes, and the RSBAC system supports inheritance, why can't the other processes get the Boot Role (in my test the role of the other processes is General user (0) and I expect it to be Boot Role!)?
>
> Please help me to boot the system with the Boot Role (999999). Thanks in advance for your help.
>
> Regards,
> Ali
> _______________________________________________
> rsbac mailing list
> rsbac at rsbac.org
> http://www.rsbac.org/mailman/listinfo/rsbac

From jens at kasten-edv.de Mon Aug 15 23:25:03 2011
From: jens at kasten-edv.de (Jens Kasten)
Date: Mon, 15 Aug 2011 23:25:03 +0200
Subject: [rsbac] Boot Role
In-Reply-To: <1313435414.81119.YahooMailNeo@web130202.mail.mud.yahoo.com>
References: <1313435414.81119.YahooMailNeo@web130202.mail.mud.yahoo.com>
Message-ID: <1313443503.13473.14.camel@jaschtschik-malo>

Hi Ali,

from your info it looks like RC is not running in softmode. Only booting a kernel with softmode enabled in the configuration does not automatically boot in softmode. There is a kernel boot parameter rsbac_softmode. If you already set it, then maybe check the kernel configuration for rsbac twice. More information about which kernel and rsbac version would be helpful but would not automatically lead to success in this case ;)

In my case I would avoid using the Boot Role and General Role for all services.

Greetings
Jens

On Monday, 15.08.2011, 12:10 -0700, ali valizadeh wrote:
> Hello all,
>
> I have compiled an RSBAC kernel with the RC and AUTH modules enabled. I could set the AUTH policy to boot the system with it (RC is in softmode). However, I couldn't boot the system with RC. I have checked that at boot time /sbin/init contains the Boot Role (999999) as initial_role, but the system couldn't boot with the role. There are many "NOT_GRANTED by RC" messages for processes such as dbus-daemon, avahi-daemon, hal-daemon and others. If the init process is the parent of the other processes, and the RSBAC system supports inheritance, why can't the other processes get the Boot Role (in my test the role of the other processes is General user (0) and I expect it to be Boot Role!)?
>
> Please help me to boot the system with the Boot Role (999999). Thanks in advance for your help.
>
> Regards,
> Ali

From tazok.id0 at gmail.com Tue Aug 16 00:12:20 2011
From: tazok.id0 at gmail.com (Javier Juan Martínez Cabezón)
Date: Tue, 16 Aug 2011 00:12:20 +0200
Subject: [rsbac] Boot Role
In-Reply-To: <1313443503.13473.14.camel@jaschtschik-malo>
References: <1313435414.81119.YahooMailNeo@web130202.mail.mud.yahoo.com> <1313443503.13473.14.camel@jaschtschik-malo>
Message-ID:

I think it's the key to this question because, if I'm not wrong, the inherited mixed proc/user parameter is not the default switch now.

2011/8/15 Jens Kasten

> More information about which kernel and rsbac version would be helpful but would not automatically lead to success in this case ;)
>
> In my case I would avoid using the Boot Role and General Role for all services.
>
> Greetings
> Jens

From aleph at mandriva.org Tue Aug 16 18:54:33 2011
From: aleph at mandriva.org (Gergely Lónyai)
Date: Tue, 16 Aug 2011 09:54:33 -0700
Subject: [rsbac] kernel-3.0.y
Message-ID: <20110816095433.9b05b4e5e48d18b6dc565714b379f9f0.a8cd6efa9e.wbe@email10.secureserver.net>

Hi

The Mandriva 20011 is RSBAC ready now. I submit the kernel-rsbac-3.0.1 and will maintain it for the whole Mandriva 2011 lifetime.

1. Install Mandriva 2011 (now Mandriva 2011 RC2)
2. Open a konsole and run "urpmi rsbac"
3. http://www.rsbac.org/documentation/rsbac_handbook/installation/first_boot

Gergely Lonyai, Aleph

From valizadeh82 at yahoo.com Tue Aug 16 22:09:06 2011
From: valizadeh82 at yahoo.com (ali valizadeh)
Date: Tue, 16 Aug 2011 13:09:06 -0700 (PDT)
Subject: [rsbac] Boot Role (RC module)
In-Reply-To:
References:
Message-ID: <1313525346.41357.YahooMailNeo@web130213.mail.mud.yahoo.com>

Hi everyone,

I have installed the rsbac 1.4.3 version on Fedora 12 (kernel version 2.6.32-8). In my compilation AUTH and RC are enabled.

Yes, I boot the system with rsbac_softmode to configure the system at first boot. I could set the policy for AUTH to remove the "NOT_GRANTED by AUTH (softmode)" messages, but I couldn't set a correct policy for RC to remove the "NOT_GRANTED by RC (softmode)" messages. I want to set the policy for the RC module in softmode, then I want to boot the system in enforcement mode without the softmode parameter. Please help me to use the boot role or other roles (if the boot role is insecure) to boot the system in enforcement mode. Please help me with how to set roles (initial or force roles) for init, dbus-daemon, avahi-daemon, hal-daemon and other processes to boot the system correctly.

Many thanks to all.
Regards,
Ali

From jens at kasten-edv.de Tue Aug 16 22:43:49 2011
From: jens at kasten-edv.de (Jens Kasten)
Date: Tue, 16 Aug 2011 22:43:49 +0200
Subject: [rsbac] Boot Role (RC module)
In-Reply-To: <1313525346.41357.YahooMailNeo@web130213.mail.mud.yahoo.com>
References: <1313525346.41357.YahooMailNeo@web130213.mail.mud.yahoo.com>
Message-ID: <1313527429.18240.8.camel@jaschtschik-malo>

You could visit this site:
http://www.rsbac.org/wiki/experiences/igraltist/rc
This is my attempt at starting an RSBAC RC setup. The wiki is not complete and has to be updated.

Here is also an older wiki page which describes how to set up RC roles:
http://www.rsbac.org/wiki/experiences/telmich

And this:
http://www.rsbac.org/wiki/experiences/tweety#howto_protect_kernel_code_against_tampering

On Tuesday, 16.08.2011, 13:09 -0700, ali valizadeh wrote:
> Hi everyone,
>
> I have installed the rsbac 1.4.3 version on Fedora 12 (kernel version 2.6.32-8). In my compilation AUTH and RC are enabled.
>
> Yes, I boot the system with rsbac_softmode to configure the system at first boot. I could set the policy for AUTH to remove the "NOT_GRANTED by AUTH (softmode)" messages, but I couldn't set a correct policy for RC to remove the "NOT_GRANTED by RC (softmode)" messages. I want to set the policy for the RC module in softmode, then I want to boot the system in enforcement mode without the softmode parameter. Please help me to use the boot role or other roles (if the boot role is insecure) to boot the system in enforcement mode. Please help me with how to set roles (initial or force roles) for init, dbus-daemon, avahi-daemon, hal-daemon and other processes to boot the system correctly.
>
> Many thanks to all.
>
> Regards,
> Ali
> http://www.rsbac.org/documentation/rsbac_handbook/installation/first_boot
>
> Gergely Lonyai, Aleph
>
> ------------------------------
>
> _______________________________________________
> rsbac mailing list
> rsbac at rsbac.org
> https://www.rsbac.org/mailman/listinfo/rsbac
>
> End of rsbac Digest, Vol 61, Issue 1
> ************************************
> _______________________________________________
> rsbac mailing list
> rsbac at rsbac.org
> http://www.rsbac.org/mailman/listinfo/rsbac

From tazok.id0 at gmail.com Tue Aug 16 23:48:25 2011
From: tazok.id0 at gmail.com (Javier Juan Martínez Cabezón)
Date: Tue, 16 Aug 2011 23:48:25 +0200
Subject: [rsbac] Boot Role (RC module)
In-Reply-To: <1313525346.41357.YahooMailNeo@web130213.mail.mud.yahoo.com>
References: <1313525346.41357.YahooMailNeo@web130213.mail.mud.yahoo.com>
Message-ID:

I would do this (it's a beginning):

First you shall (always with an "at least") identify persistent binaries in
your system (those that when you do a "top" are always in memory and
waiting); second, I would create at least new roles for these persistent
binaries (from rsbac_menu you can access rc setup). It's a good idea that
these programs (at least) get their own type_fd_creation/socket, fd_type,
ipc_type creation, and process creation type after execution.

After that, I would create enough fd_types for filesystem targets (for
example to /boot their own type) and assign to it. As a suggestion assign
their own fd_type to binaries with minimum Capabilities (if you use CAP) and
with their own running role.

Change in rsbac_fd_menu initial_role to the binary own role and in
force_role set mixed inherit user/proc one.
With this you can do things like this that follows: sshd execution, with
their own role set under initial role, when sshd drops privs changing from 0
(root) to 22 (user "sshd"), it uses value from rc_force role, as it is set
in "mixed user/proc", after chown (0-->22) rc_def_role from user 22 is taken
getting unprivileged created role to sshd. A lot of binaries work at this
way (typically those that appear in /etc/passwd).

When everything is set without softmode add parameter rsbac_rc_learn to boot
parameters every role will learn everything they need.

Suggestions:

Use UM and forbid setuid to unauthorized users (for example with a bug in
sshd without this you could change to secoff uid, if setting authorized only
can to change if authenticated against UM).

Assign block devices their own particular dev type to avoid raw access.

Remove maximum capabilities to all software, and grant minimum capabilities
to /sbin/ required ones (as getty, init...). cap_learning global switch is
your friend, although you should change after that maximum caps learned to
minimum ones (don't include as minimum caps software like kill, cd, ls, and
things alike it's a security bug). I'm thinking seriously for example if it's
better get fsck/mkfs their own role and min capabilities or instead create a
user with this min caps (SYS_RAWIO, DAC_OVERRIDE at least) that his role
could execute the unprivileged fsck and access the devices.

Remove SEND right to all roles to all character devices (as tty) to avoid
TIOCSTI security concerns.

After learning backup all with -p flag (right names) and look for things to
improve and rights to remove.

Enjoy :-)

2011/8/16 ali valizadeh

> Hi everyone,
>
> I have installed the rsbac 1.4.3 version on Fedora 12 (kernel version
> 2.6.32-8). In my compilation AUTH and RC is enabled.
>
> Yes, I boot system with rsbac_softmode to configure the system at first
> boot.
> I could set policy for AUTH to remove the "NOT_GRANTED by AUTH
> (softmode)" but I couldn't set correct policy for RC to remove "NOT_GRANTED
> by RC (softmode)" messages.
> I want to set policy for RC module in softmode then I want to boot system
> in enforcement mode without the softmode parameter.
> Please help me to use boot role or other roles (if boot role is insecure)
> to boot system in enforcement mode. Please help me how to set roles (initial
> or force roles) for init, dbus-daemon, avahi-daemon, hal-daemon and other
> processes to boot system correctly.
>
> Many thanks to all.
>
> Regards,
> Ali
>
> ________________________________
> From: "rsbac-request at rsbac.org"
> To: rsbac at rsbac.org
> Sent: Tuesday, August 16, 2011 9:31 PM
> Subject: rsbac Digest, Vol 61, Issue 1
>
> >Hello all,
>
> >I have compiled RSBAC kernel with RC and AUTH modules enabled. I could set AUTH policy to boot system with it (RC is in
> >softmode). However I couldn't boot system with RC. I have checked that at boot time /sbin/init contains the Boot Role (999999) as
> >initial_role but the system couldn't boot with the role. There are many "NOT_GRANTED by RC" in processes such as dbus-daemon,
> >avahi-daemon, hal-daemon and others. If init process is the parent of other processes, and RSBAC system support inheritance, why the
> >other processes can't get Boot Role (in my test the role of other processes is General user (0) and I expect it to be Boot Role!)?
>
> >Please help me to boot system with the Boot Role (999999). Thanks in advance for your help.

From ao at rsbac.org Wed Aug 17 08:22:57 2011
From: ao at rsbac.org (Amon Ott)
Date: Wed, 17 Aug 2011 08:22:57 +0200
Subject: [rsbac] kernel-3.0.y
In-Reply-To: <20110816095433.9b05b4e5e48d18b6dc565714b379f9f0.a8cd6efa9e.wbe@email10.secureserver.net>
References: <20110816095433.9b05b4e5e48d18b6dc565714b379f9f0.a8cd6efa9e.wbe@email10.secureserver.net>
Message-ID: <201108170822.57382.ao@rsbac.org>

Hi Aleph!

On Tuesday 16 August 2011 wrote Gergely Lónyai:
> The Mandriva 20011 is RSBAC ready now. I submit the kernel-rsbac-3.0.1
> and will maintain all the Mandriva 2011 lifetime.
>
> 1. Install Mandriva 2011 (now Mandriva 2011 RC2)
> 2. open a konsole and run "urpmi rsbac"
> 3.
> http://www.rsbac.org/documentation/rsbac_handbook/installation/first_boot

This is good news indeed! Thank you very much!

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

From aleph at mandriva.org Thu Aug 18 13:04:19 2011
From: aleph at mandriva.org (Gergely Lónyai)
Date: Thu, 18 Aug 2011 04:04:19 -0700
Subject: [rsbac] 3.0.3 net/ipv4/route.o compile error
Message-ID: <20110818040419.9b05b4e5e48d18b6dc565714b379f9f0.033568f608.wbe@email10.secureserver.net>

CC net/ipv4/route.o
CC [M] drivers/i2c/busses/i2c-intel-mid.o
net/ipv4/route.c:115:1: error: expected identifier or '(' before '<<' token
net/ipv4/route.c: In function 'rt_garbage_collect':
net/ipv4/route.c:903:16: error: 'ip_rt_max_size' undeclared (first use in this function)
net/ipv4/route.c:903:16: note: each undeclared identifier is reported only once for each function it appears in
CC [M] fs/reiserfs/namei.o
net/ipv4/route.c: At top level:
net/ipv4/route.c:3085:13: error: 'ip_rt_max_size' undeclared here (not in a function)
net/ipv4/route.c: In function 'ip_rt_init':
net/ipv4/route.c:3325:2: warning: statement with no effect [-Wunused-value]
net/ipv4/route.c:3334:2: warning: passing argument 1 of 'xfrm4_init' makes integer from pointer without a cast [enabled by default]
include/net/xfrm.h:1336:13: note: expected 'int' but argument is of type 'struct ctl_table *'
make[2]: *** [net/ipv4/route.o] Error 1
make[1]: *** [net/ipv4] Error 2
make: *** [net] Error 2
make: *** Waiting for unfinished jobs....

From ao at rsbac.org Thu Aug 18 13:20:18 2011
From: ao at rsbac.org (Amon Ott)
Date: Thu, 18 Aug 2011 13:20:18 +0200
Subject: [rsbac] 3.0.3 net/ipv4/route.o compile error
In-Reply-To: <20110818040419.9b05b4e5e48d18b6dc565714b379f9f0.033568f608.wbe@email10.secureserver.net>
References: <20110818040419.9b05b4e5e48d18b6dc565714b379f9f0.033568f608.wbe@email10.secureserver.net>
Message-ID: <201108181320.18717.ao@rsbac.org>

On Thursday 18 August 2011 wrote Gergely Lónyai:
> CC net/ipv4/route.o
> CC [M] drivers/i2c/busses/i2c-intel-mid.o
> net/ipv4/route.c:115:1: error: expected identifier or '(' before '<<'
> token
> net/ipv4/route.c: In function 'rt_garbage_collect':
> net/ipv4/route.c:903:16: error: 'ip_rt_max_size' undeclared (first use
> in this function)
> net/ipv4/route.c:903:16: note: each undeclared identifier is reported
> only once for each function it appears in
> CC [M] fs/reiserfs/namei.o
> net/ipv4/route.c: At top level:
> net/ipv4/route.c:3085:13: error: 'ip_rt_max_size' undeclared here (not
> in a function)
> net/ipv4/route.c: In function 'ip_rt_init':
> net/ipv4/route.c:3325:2: warning: statement with no effect
> [-Wunused-value]
> net/ipv4/route.c:3334:2: warning: passing argument 1 of 'xfrm4_init'
> makes integer from pointer without a cast [enabled by default]
> include/net/xfrm.h:1336:13: note: expected 'int' but argument is of type
> 'struct ctl_table *'
> make[2]: *** [net/ipv4/route.o] Error 1
> make[1]: *** [net/ipv4] Error 2
> make: *** [net] Error 2
> make: *** Waiting for unfinished jobs....

It compiles fine here and I cannot find any problem. I will recheck with a new
clone from rsbac.org git.

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

From aleph at mandriva.org Thu Aug 18 14:50:10 2011
From: aleph at mandriva.org (Gergely Lónyai)
Date: Thu, 18 Aug 2011 05:50:10 -0700
Subject: [rsbac] 3.0.3 net/ipv4/route.o compile error
Message-ID: <20110818055010.9b05b4e5e48d18b6dc565714b379f9f0.948488d996.wbe@email10.secureserver.net>

> -------- Original Message --------
> Subject: Re: [rsbac] 3.0.3 net/ipv4/route.o compile error
> From: Amon Ott
> Date: Thu, August 18, 2011 1:20 pm
> To: RSBAC Discussion and Announcements
>
>
> On Thursday 18 August 2011 wrote Gergely Lónyai:
> > CC net/ipv4/route.o
> > CC [M] drivers/i2c/busses/i2c-intel-mid.o
> > net/ipv4/route.c:115:1: error: expected identifier or '(' before '<<'
> > token
> > net/ipv4/route.c: In function 'rt_garbage_collect':
> > net/ipv4/route.c:903:16: error: 'ip_rt_max_size' undeclared (first use
> > in this function)
> > net/ipv4/route.c:903:16: note: each undeclared identifier is reported
> > only once for each function it appears in
> > CC [M] fs/reiserfs/namei.o
> > net/ipv4/route.c: At top level:
> > net/ipv4/route.c:3085:13: error: 'ip_rt_max_size' undeclared here (not
> > in a function)
> > net/ipv4/route.c: In function 'ip_rt_init':
> > net/ipv4/route.c:3325:2: warning: statement with no effect
> > [-Wunused-value]
> > net/ipv4/route.c:3334:2: warning: passing argument 1 of 'xfrm4_init'
> > makes integer from pointer without a cast [enabled by default]
> > include/net/xfrm.h:1336:13: note: expected 'int' but argument is of type
> > 'struct ctl_table *'
> > make[2]: *** [net/ipv4/route.o] Error 1
> > make[1]: *** [net/ipv4] Error 2
> > make: *** [net] Error 2
> > make: *** Waiting for unfinished jobs....
>
> It compiles fine here and I cannot find any problem. I will recheck with a new
> clone from rsbac.org git.
>
> Amon.

Sorry. The above mail is fake. I attached the vanilla config.

I attached the .config to x86_64
The vanilla kernel is compiling fine.

Aleph
--------- next part ---------
An embedded and charset-unspecified text was scrubbed...
Name: .config
URL:

From aleph at mandriva.org Thu Aug 18 14:53:34 2011
From: aleph at mandriva.org (Gergely Lónyai)
Date: Thu, 18 Aug 2011 05:53:34 -0700
Subject: [rsbac] 3.0.3 net/ipv4/route.o compile error
Message-ID: <20110818055334.9b05b4e5e48d18b6dc565714b379f9f0.6576718dc2.wbe@email10.secureserver.net>

> -------- Original Message --------
> Subject: Re: [rsbac] 3.0.3 net/ipv4/route.o compile error
> From: Amon Ott
> Date: Thu, August 18, 2011 1:20 pm
> To: RSBAC Discussion and Announcements
>
>
> On Thursday 18 August 2011 wrote Gergely Lónyai:
> > CC net/ipv4/route.o
> > CC [M] drivers/i2c/busses/i2c-intel-mid.o
> > net/ipv4/route.c:115:1: error: expected identifier or '(' before '<<'
> > token
> > net/ipv4/route.c: In function 'rt_garbage_collect':
> > net/ipv4/route.c:903:16: error: 'ip_rt_max_size' undeclared (first use
> > in this function)
> > net/ipv4/route.c:903:16: note: each undeclared identifier is reported
> > only once for each function it appears in
> > CC [M] fs/reiserfs/namei.o
> > net/ipv4/route.c: At top level:
> > net/ipv4/route.c:3085:13: error: 'ip_rt_max_size' undeclared here (not
> > in a function)
> > net/ipv4/route.c: In function 'ip_rt_init':
> > net/ipv4/route.c:3325:2: warning: statement with no effect
> > [-Wunused-value]
> > net/ipv4/route.c:3334:2: warning: passing argument 1 of 'xfrm4_init'
> > makes integer from pointer without a cast [enabled by default]
> > include/net/xfrm.h:1336:13: note: expected 'int' but argument is of type
> > 'struct ctl_table *'
> > make[2]: *** [net/ipv4/route.o] Error 1
> > make[1]: *** [net/ipv4] Error 2
> > make: *** [net] Error 2
> > make: *** Waiting for unfinished jobs....
>
> It compiles fine here and I cannot find any problem. I will recheck with a new
> clone from rsbac.org git.
>
> Amon.

My .config to x86_64:
http://kenobi.mandriva.com/~aleph/rsbac-kernel-config-x86_64-20110819

The vanilla kernel is compiling fine.

Aleph
--------- next part ---------
An embedded and charset-unspecified text was scrubbed...
Name: i386_defconfig
URL:
--------- next part ---------
An embedded and charset-unspecified text was scrubbed...
Name: x86_64_defconfig
URL:

From ao at rsbac.org Tue Aug 23 12:34:51 2011
From: ao at rsbac.org (Amon Ott)
Date: Tue, 23 Aug 2011 12:34:51 +0200
Subject: [rsbac] 3.0.3 net/ipv4/route.o compile error
In-Reply-To: <20110818055010.9b05b4e5e48d18b6dc565714b379f9f0.948488d996.wbe@email10.secureserver.net>
References: <20110818055010.9b05b4e5e48d18b6dc565714b379f9f0.948488d996.wbe@email10.secureserver.net>
Message-ID: <201108231234.51371.ao@rsbac.org>

On Thursday 18 August 2011 wrote Gergely Lónyai:
> > -------- Original Message --------
> > Subject: Re: [rsbac] 3.0.3 net/ipv4/route.o compile error
> > From: Amon Ott
> > Date: Thu, August 18, 2011 1:20 pm
> > To: RSBAC Discussion and Announcements
> >
> > On Thursday 18 August 2011 wrote Gergely Lónyai:
> > > CC net/ipv4/route.o
> > > CC [M] drivers/i2c/busses/i2c-intel-mid.o
> > > net/ipv4/route.c:115:1: error: expected identifier or '(' before '<<'
> > > token
> > > net/ipv4/route.c: In function 'rt_garbage_collect':
> > > net/ipv4/route.c:903:16: error: 'ip_rt_max_size' undeclared (first use
> > > in this function)
> > > net/ipv4/route.c:903:16: note: each undeclared identifier is reported
> > > only once for each function it appears in
> > > CC [M] fs/reiserfs/namei.o
> > > net/ipv4/route.c: At top level:
> > > net/ipv4/route.c:3085:13: error: 'ip_rt_max_size' undeclared here (not
> > > in a function)
> > > net/ipv4/route.c: In function 'ip_rt_init':
> > > net/ipv4/route.c:3325:2: warning: statement with no effect
> > > [-Wunused-value]
> > > net/ipv4/route.c:3334:2: warning: passing argument 1 of 'xfrm4_init'
> > > makes integer from pointer without a cast [enabled by default]
> > > include/net/xfrm.h:1336:13: note: expected 'int' but argument is of
> > > type 'struct ctl_table *'
> > > make[2]: *** [net/ipv4/route.o] Error 1
> > > make[1]: *** [net/ipv4] Error 2
> > > make: *** [net] Error 2
> > > make: *** Waiting for unfinished jobs....
> >
> > It compiles fine here and I cannot find any problem. I will recheck with
> > a new clone from rsbac.org git.
>
> Sorry. The above mail is fake. I attached the vanilla config.
>
> I attached the .config to x86_64
> The vanilla kernel is compiling fine.

Just compiles fine here, but I currently have no x86_64 system. Can you please
recheck your git? You might need to git pull from rsbac.org with --rebase.

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

From gergely at lonyai.com Tue Aug 23 22:54:53 2011
From: gergely at lonyai.com (Gergely Lónyai)
Date: Tue, 23 Aug 2011 13:54:53 -0700
Subject: [rsbac] 3.0.3 net/ipv4/route.o compile error
Message-ID: <20110823135453.9b05b4e5e48d18b6dc565714b379f9f0.bb9bb1f8e5.wbe@email10.secureserver.net>

> -------- Original Message --------
> Subject: Re: [rsbac] 3.0.3 net/ipv4/route.o compile error
> From: Amon Ott
> Date: Tue, August 23, 2011 12:34 pm
> To: RSBAC Discussion and Announcements
>
>
> On Thursday 18 August 2011 wrote Gergely Lónyai:
> > > -------- Original Message --------
> > > Subject: Re: [rsbac] 3.0.3 net/ipv4/route.o compile error
> > > From: Amon Ott
> > > Date: Thu, August 18, 2011 1:20 pm
> > > To: RSBAC Discussion and Announcements
> > >
> > > On Thursday 18 August 2011 wrote Gergely Lónyai:
> > > > CC net/ipv4/route.o
> > > > CC [M] drivers/i2c/busses/i2c-intel-mid.o
> > > > net/ipv4/route.c:115:1: error: expected identifier or '(' before '<<'
> > > > token
> > > > net/ipv4/route.c: In function 'rt_garbage_collect':
> > > > net/ipv4/route.c:903:16: error: 'ip_rt_max_size' undeclared (first use
> > > > in this function)
> > > > net/ipv4/route.c:903:16: note: each undeclared identifier is reported
> > > > only once for each function it appears in
> > > > CC [M] fs/reiserfs/namei.o
> > > > net/ipv4/route.c: At top level:
> > > > net/ipv4/route.c:3085:13: error: 'ip_rt_max_size' undeclared here (not
> > > > in a function)
> > > > net/ipv4/route.c: In function 'ip_rt_init':
> > > > net/ipv4/route.c:3325:2: warning: statement with no effect
> > > > [-Wunused-value]
> > > > net/ipv4/route.c:3334:2: warning: passing argument 1 of 'xfrm4_init'
> > > > makes integer from pointer without a cast [enabled by default]
> > > > include/net/xfrm.h:1336:13: note: expected 'int' but argument is of
> > > > type 'struct ctl_table *'
> > > > make[2]: *** [net/ipv4/route.o] Error 1
> > > > make[1]: *** [net/ipv4] Error 2
> > > > make: *** [net] Error 2
> > > > make: *** Waiting for unfinished jobs....
> > >
> > > It compiles fine here and I cannot find any problem. I will recheck with
> > > a new clone from rsbac.org git.
> >
> > Sorry. The above mail is fake. I attached the vanilla config.
> >
> > I attached the .config to x86_64
> > The vanilla kernel is compiling fine.
>
> Just compiles fine here, but I currently have no x86_64 system. Can you please
> recheck your git? You might need to git pull from rsbac.org with --rebase.
>
> Amon.

I can't understand. I changed the network config, and I tried and... It
compile fine.
http://svn.mandriva.com/cgi-bin/viewvc.cgi/packages/cooker/kernel-rsbac/current/PATCHES/configs/x86_64.config?r1=694646&r2=696292
I submit the new kernel-3.0.3 to Mandriva repos.

Aleph

From aleph at mandriva.org Tue Aug 23 22:55:41 2011
From: aleph at mandriva.org (Gergely Lónyai)
Date: Tue, 23 Aug 2011 13:55:41 -0700
Subject: [rsbac] 3.0.3 net/ipv4/route.o compile error
Message-ID: <20110823135541.9b05b4e5e48d18b6dc565714b379f9f0.5fccaa578b.wbe@email10.secureserver.net>

> -------- Original Message --------
> Subject: Re: [rsbac] 3.0.3 net/ipv4/route.o compile error
> From: Amon Ott
> Date: Tue, August 23, 2011 12:34 pm
> To: RSBAC Discussion and Announcements
>
>
> On Thursday 18 August 2011 wrote Gergely Lónyai:
> > > -------- Original Message --------
> > > Subject: Re: [rsbac] 3.0.3 net/ipv4/route.o compile error
> > > From: Amon Ott
> > > Date: Thu, August 18, 2011 1:20 pm
> > > To: RSBAC Discussion and Announcements
> > >
> > > On Thursday 18 August 2011 wrote Gergely Lónyai:
> > > > CC net/ipv4/route.o
> > > > CC [M] drivers/i2c/busses/i2c-intel-mid.o
> > > > net/ipv4/route.c:115:1: error: expected identifier or '(' before '<<'
> > > > token
> > > > net/ipv4/route.c: In function 'rt_garbage_collect':
> > > > net/ipv4/route.c:903:16: error: 'ip_rt_max_size' undeclared (first use
> > > > in this function)
> > > > net/ipv4/route.c:903:16: note: each undeclared identifier is reported
> > > > only once for each function it appears in
> > > > CC [M] fs/reiserfs/namei.o
> > > > net/ipv4/route.c: At top level:
> > > > net/ipv4/route.c:3085:13: error: 'ip_rt_max_size' undeclared here (not
> > > > in a function)
> > > > net/ipv4/route.c: In function 'ip_rt_init':
> > > > net/ipv4/route.c:3325:2: warning: statement with no effect
> > > > [-Wunused-value]
> > > > net/ipv4/route.c:3334:2: warning: passing argument 1 of 'xfrm4_init'
> > > > makes integer from pointer without a cast [enabled by default]
> > > > include/net/xfrm.h:1336:13: note: expected 'int' but argument is of
> > > > type 'struct ctl_table *'
> > > > make[2]: *** [net/ipv4/route.o] Error 1
> > > > make[1]: *** [net/ipv4] Error 2
> > > > make: *** [net] Error 2
> > > > make: *** Waiting for unfinished jobs....
> > >
> > > It compiles fine here and I cannot find any problem. I will recheck with
> > > a new clone from rsbac.org git.
> >
> > Sorry. The above mail is fake. I attached the vanilla config.
> >
> > I attached the .config to x86_64
> > The vanilla kernel is compiling fine.
>
> Just compiles fine here, but I currently have no x86_64 system. Can you please
> recheck your git? You might need to git pull from rsbac.org with --rebase.
>
> Amon.

I can't understand. I changed the network config, and I tried and... It
compile fine.
http://svn.mandriva.com/cgi-bin/viewvc.cgi/packages/cooker/kernel-rsbac/current/PATCHES/configs/x86_64.config?r1=694646&r2=696292
I submit the new kernel-3.0.3 to Mandriva repos.

Aleph

From ao at rsbac.org Wed Aug 24 08:22:15 2011
From: ao at rsbac.org (Amon Ott)
Date: Wed, 24 Aug 2011 08:22:15 +0200
Subject: [rsbac] 3.0.3 net/ipv4/route.o compile error
In-Reply-To: <20110823135453.9b05b4e5e48d18b6dc565714b379f9f0.bb9bb1f8e5.wbe@email10.secureserver.net>
References: <20110823135453.9b05b4e5e48d18b6dc565714b379f9f0.bb9bb1f8e5.wbe@email10.secureserver.net>
Message-ID: <201108240822.15369.ao@rsbac.org>

On Tuesday 23 August 2011 wrote Gergely Lónyai:
> I can't understand. I changed the network config, and I tried and... It
> compile fine.
> http://svn.mandriva.com/cgi-bin/viewvc.cgi/packages/cooker/kernel-rsbac/current/PATCHES/configs/x86_64.config?r1=694646&r2=696292
> I submit the new kernel-3.0.3 to Mandriva repos.

Alright, then I will treat this issue as solved. Maybe some kernel internal
dependency missing or whatever.

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
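
The role changes described in the "Boot Role (RC module)" reply earlier in this archive (a role inherited from init until an exec or setuid, the binary's initial role applied on execution, and rc_def_role of the new user taken on a uid change under the mixed user/proc setting), as an added Python model that is not RSBAC code and not part of any post. The symbolic setting names, role numbers 100 and 101, uid 81, the path /usr/bin/example-daemon and the fallback to General User for users without their own default role are assumptions of this example.

```python
"""Simplified model of RC role changes on fork, exec and setuid.

Written from the description in the thread; this is not RSBAC code. The
setting labels, role numbers 100/101, uid 81 and the example-daemon path
are assumptions made for this example.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple, Union

BOOT_ROLE = 999999        # Boot Role number quoted in the thread
GENERAL_USER = 0          # General User role number quoted in the thread
SSHD_ROLE = 100           # hypothetical role created for the sshd binary
SSHD_UNPRIV_ROLE = 101    # hypothetical rc_def_role of user 22 ("sshd")

INHERIT_PROCESS = "inherit_process"  # keep the current role
INHERIT_USER = "inherit_user"        # take the owner's default role
INHERIT_MIXED = "inherit_mixed"      # keep on exec, owner's default on setuid

RoleSetting = Union[int, str]


@dataclass(frozen=True)
class Binary:
    path: str
    initial_role: Optional[int] = None      # None: fall back to force_role
    force_role: RoleSetting = INHERIT_MIXED


@dataclass
class Process:
    uid: int
    role: int
    force_role: RoleSetting = INHERIT_PROCESS  # remembered from the last exec

    def fork(self) -> "Process":
        # A child starts with its parent's uid, role and force_role setting.
        return Process(self.uid, self.role, self.force_role)

    def execute(self, binary: Binary, def_roles: Dict[int, int]) -> "Process":
        self.force_role = binary.force_role
        if binary.initial_role is not None:
            self.role = binary.initial_role
        elif isinstance(binary.force_role, int):
            self.role = binary.force_role
        elif binary.force_role == INHERIT_USER:
            # Assumption: users without their own default role get General User.
            self.role = def_roles.get(self.uid, GENERAL_USER)
        # INHERIT_PROCESS and INHERIT_MIXED keep the current role on exec.
        return self

    def setuid(self, new_uid: int, def_roles: Dict[int, int]) -> "Process":
        self.uid = new_uid
        if self.force_role in (INHERIT_USER, INHERIT_MIXED):
            self.role = def_roles.get(new_uid, GENERAL_USER)
        return self


def run_service(binary: Binary, drop_to_uid: Optional[int],
                def_roles: Dict[int, int]) -> Tuple[int, int]:
    """Start a service from init (uid 0, Boot Role).

    Returns (role right after exec, role after the optional uid change).
    """
    init = Process(uid=0, role=BOOT_ROLE)
    proc = init.fork().execute(binary, def_roles)
    role_after_exec = proc.role
    if drop_to_uid is not None:
        proc.setuid(drop_to_uid, def_roles)
    return role_after_exec, proc.role


def audit(services: List[Tuple[Binary, Optional[int]]],
          def_roles: Dict[int, int]) -> List[str]:
    """Paths of services that end up in Boot Role or General User."""
    flagged = []
    for binary, uid in services:
        _, final_role = run_service(binary, uid, def_roles)
        if final_role in (BOOT_ROLE, GENERAL_USER):
            flagged.append(binary.path)
    return flagged


# Constructed sample policy: only uid 22 has its own default role.
DEF_ROLES = {22: SSHD_UNPRIV_ROLE}
SERVICES = [
    (Binary("/usr/sbin/sshd", initial_role=SSHD_ROLE), 22),
    (Binary("/usr/bin/example-daemon"), 81),    # drops to uid 81, no own role
    (Binary("/usr/bin/example-daemon"), None),  # never changes uid
]

if __name__ == "__main__":
    for binary, uid in SERVICES:
        print(binary.path, uid, run_service(binary, uid, DEF_ROLES))
    print("still needs its own role:", audit(SERVICES, DEF_ROLES))
```

In this model a daemon with no role of its own keeps Boot Role after exec and lands in General User as soon as it changes uid, while the sshd entry moves from its own role to the default role of user 22.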