From igraltist at rsbac.org Sat Jul 9 03:10:10 2011 From: igraltist at rsbac.org (Jens Kasten) Date: Sat, 09 Jul 2011 03:10:10 +0200 Subject: [rsbac] kernel with cap module does not boot Message-ID: <1310173810.9711.13.camel@jaschtschik-pc> Hi list, I try the rsbac kernel from git 2.6.38.y with follow revision: commit 572a5f205fa6b7edc3e42c692b4db334cff2a07d My setup is on a kvm-qemu guest. cryptsetup + luks + root-partition ext4 Problem: When I configure the kernel to use the rsbac CAP module the kernel hangs short time after rsbac is initialized with full cpu using. See file rsbac_with_cap_only what I have enabled in rsbac. The kernel without CAP does not show the last issue, when using cryptsetup + luks + ext4. Small typo in include/rsbac/um.h: Last modified: 19/Apt/2011 Gr?sse Jens -------------- next part -------------- CONFIG_RSBAC=y # General RSBAC options # CONFIG_RSBAC_INIT_THREAD is not set CONFIG_RSBAC_PROC=y CONFIG_RSBAC_INIT_CHECK=y # CONFIG_RSBAC_NO_WRITE is not set # CONFIG_RSBAC_MSDOS_WRITE is not set CONFIG_RSBAC_AUTO_WRITE=5 CONFIG_RSBAC_RCU_RATE=1000 CONFIG_RSBAC_LIST_MAX_HASHES=128 CONFIG_RSBAC_LIST_CHECK_INTERVAL=1800 CONFIG_RSBAC_LIST_STATS=y CONFIG_RSBAC_LIST_TRANS=y CONFIG_RSBAC_LIST_TRANS_MAX_TTL=3600 CONFIG_RSBAC_LIST_TRANS_RANDOM_TA=y # CONFIG_RSBAC_FD_CACHE is not set CONFIG_RSBAC_DEBUG=y # CONFIG_RSBAC_DEV_USER_BACKUP is not set CONFIG_RSBAC_SECOFF_UID=400 CONFIG_RSBAC_INIT_DELAY=y CONFIG_RSBAC_GEN_NR_P_LISTS=4 # CONFIG_RSBAC_UM is not set # RSBAC networking options # CONFIG_RSBAC_NET is not set # CONFIG_RSBAC_MAINT is not set # CONFIG_RSBAC_REG is not set # CONFIG_RSBAC_AUTH is not set # CONFIG_RSBAC_RC is not set # CONFIG_RSBAC_ACL is not set # CONFIG_RSBAC_MAC is not set # CONFIG_RSBAC_DAZ is not set CONFIG_RSBAC_CAP=y CONFIG_RSBAC_CAP_PROC_HIDE=y CONFIG_RSBAC_CAP_AUTH_PROT=y CONFIG_RSBAC_CAP_LOG_MISSING=y CONFIG_RSBAC_CAP_LEARN=y CONFIG_RSBAC_CAP_LEARN_TA=0 # CONFIG_RSBAC_JAIL is not set # CONFIG_RSBAC_RES is not set # CONFIG_RSBAC_FF is not set # CONFIG_RSBAC_PM is not set CONFIG_RSBAC_SOFTMODE=y # CONFIG_RSBAC_SOFTMODE_SYSRQ is not set CONFIG_RSBAC_SOFTMODE_IND=y CONFIG_RSBAC_SWITCH=y CONFIG_RSBAC_SWITCH_ON=y CONFIG_RSBAC_SWITCH_BOOT_OFF=y CONFIG_RSBAC_SWITCH_CAP=y CONFIG_RSBAC_IND_LOG=y CONFIG_RSBAC_IND_USER_LOG=y CONFIG_RSBAC_IND_PROG_LOG=y CONFIG_RSBAC_LOG_PROGRAM_FILE=y CONFIG_RSBAC_LOG_FULL_PATH=y CONFIG_RSBAC_MAX_PATH_LEN=512 # CONFIG_RSBAC_LOG_PSEUDO is not set CONFIG_RSBAC_SYSLOG_RATE=y CONFIG_RSBAC_SYSLOG_RATE_DEF=1000 CONFIG_RSBAC_RMSG=y CONFIG_RSBAC_RMSG_MAXENTRIES=200 CONFIG_RSBAC_RMSG_NOSYSLOG=y # CONFIG_RSBAC_LOG_REMOTE is not set # CONFIG_RSBAC_SYM_REDIR is not set # CONFIG_RSBAC_ALLOW_DAC_DISABLE is not set # Other RSBAC options # CONFIG_RSBAC_SECDEL is not set # CONFIG_RSBAC_RW is not set # CONFIG_RSBAC_IPC_SEM is not set # CONFIG_RSBAC_DAC_OWNER is not set # CONFIG_RSBAC_DAC_GROUP is not set # CONFIG_RSBAC_PROC_HIDE is not set # CONFIG_RSBAC_FSOBJ_HIDE is not set # CONFIG_RSBAC_FREEZE is not set # CONFIG_RSBAC_SYSLOG is not set # CONFIG_RSBAC_IOCTL is not set # CONFIG_RSBAC_USER_CHOWN is not set # CONFIG_RSBAC_DAT_VISIBLE is not set # CONFIG_RSBAC_NO_DECISION_ON_NETMOUNT is not set # CONFIG_RSBAC_ENFORCE_CLOSE is not set # CONFIG_RSBAC_USER_MOD_IOPERM is not set # CONFIG_RSBAC_FAKE_ROOT_UID is not set # CONFIG_RSBAC_XSTATS is not set From jens at kasten-edv.de Sun Jul 10 21:55:49 2011 From: jens at kasten-edv.de (Jens Kasten) Date: Sun, 10 Jul 2011 21:55:49 +0200 Subject: [rsbac] kernel with cap module does not boot In-Reply-To: <1310173810.9711.13.camel@jaschtschik-pc> References: <1310173810.9711.13.camel@jaschtschik-pc> Message-ID: <1310327749.8328.2.camel@jaschtschik-pc> Hmm, I did make more tests and I got the old bug. Am Samstag, den 09.07.2011, 03:10 +0200 schrieb Jens Kasten: > Hi list, > > I try the rsbac kernel from git 2.6.38.y with follow revision: > commit 572a5f205fa6b7edc3e42c692b4db334cff2a07d > > My setup is on a kvm-qemu guest. > cryptsetup + luks + root-partition ext4 > > Problem: > When I configure the kernel to use the rsbac CAP module the kernel hangs > short time after rsbac is initialized with full cpu using. > See file rsbac_with_cap_only what I have enabled in rsbac. > > The kernel without CAP does not show the last issue, when using > cryptsetup + luks + ext4. > > Small typo in include/rsbac/um.h: > Last modified: 19/Apt/2011 > > Gr?sse > Jens > _______________________________________________ > rsbac mailing list > rsbac at rsbac.org > http://www.rsbac.org/mailman/listinfo/rsbac -------------- n?chster Teil -------------- [ 129.964551] BUG: unable to handle kernel NULL pointer dereference at (null) [ 129.966324] IP: [] jbd2_journal_file_inode+0x35/0xd0 [ 129.967788] *pde = 00000000 [ 129.968739] Oops: 0000 [#1] SMP [ 129.969838] last sysfs file: /sys/devices/virtual/bdi/0:17/uevent [ 129.971245] Modules linked in: nfs lockd nfs_acl auth_rpcgss sunrpc loop [la] [ 129.974258] [ 129.974518] Pid: 182, comm: rsbacd Not tainted 2.6.38.8-rsbac-5+ #6 Bochs Bos [ 129.974518] EIP: 0060:[] EFLAGS: 00010246 CPU: 2 [ 129.974518] EIP is at jbd2_journal_file_inode+0x35/0xd0 [ 129.974518] EAX: f585b000 EBX: f56dd0c0 ECX: 0000000c EDX: 00000000 [ 129.974518] ESI: 00000000 EDI: f4078800 EBP: 00000001 ESP: f56a7bc4 [ 129.974518] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 [ 129.974518] Process rsbacd (pid: 182, ti=f56a6000 task=f55fef40 task.ti=f56a) [ 129.974518] Stack: [ 129.974518] f56a7cbc f5a18528 f58ea600 c1177df2 00000005 7fffffff 00000001 5 [ 129.974518] 00000001 c1178484 00001000 00000223 00000000 f585b000 00000000 0 [ 129.974518] f56a7d04 7ffffffe 00000000 00000002 00000000 00000000 f747caa0 0 [ 129.974518] Call Trace: [ 129.974518] [] ? mpage_da_map_and_submit+0x292/0x590 [ 129.974518] [] ? __pagevec_release+0x15/0x20 [ 129.974518] [] ? write_cache_pages_da+0x264/0x370 [ 129.974518] [] ? ext4_journal_start_sb+0xe7/0x120 [ 129.974518] [] ? tag_pages_for_writeback+0x62/0xb0 [ 129.974518] [] ? ext4_da_writepages+0x28a/0x4c0 [ 129.974518] [] ? ext4_da_write_end+0x11e/0x2d0 [ 129.974518] [] ? do_writepages+0x14/0x30 [ 129.974518] [] ? __filemap_fdatawrite_range+0x5f/0x80 [ 129.974518] [] ? filemap_write_and_wait_range+0x60/0x90 [ 129.974518] [] ? vfs_fsync_range+0x5d/0x90 [ 129.974518] [] ? generic_write_sync+0x58/0x80 [ 129.974518] [] ? generic_file_aio_write+0xa9/0xc0 [ 129.974518] [] ? ext4_file_write+0x5f/0x2b0 [ 129.974518] [] ? do_sync_write+0xb5/0xf0 [ 129.974518] [] ? rsbac_list_write_buffers+0xdb/0x2f0 [ 129.974518] [] ? rsbac_write_lists+0x18b/0x4f0 [ 129.974518] [] ? __switch_to+0xdb/0x1b0 [ 129.974518] [] ? schedule_timeout+0x165/0x1b0 [ 129.974518] [] ? vsnprintf+0xbd/0x420 [ 129.974518] [] ? __wake_up+0x42/0x60 [ 129.974518] [] ? rsbac_write+0x2d/0xb0 [ 129.974518] [] ? up+0xb/0x40 [ 129.974518] [] ? rsbacd+0x1ca/0x2a0 [ 129.974518] [] ? complete+0x3f/0x60 [ 129.974518] [] ? rsbacd+0x0/0x2a0 [ 129.974518] [] ? kthread+0x74/0x80 [ 129.974518] [] ? kthread+0x0/0x80 [ 129.974518] [] ? kernel_thread_helper+0x6/0x18 [ 129.974518] Code: 89 7c 24 08 89 d6 8b 18 f6 40 10 04 8b 3b 74 16 b8 fb ff f [ 129.974518] EIP: [] jbd2_journal_file_inode+0x35/0xd0 SS:ESP 0068:4 [ 129.974518] CR2: 0000000000000000 [ 130.028180] ---[ end trace 4fbbb5a5b3b6802b ]--- From ao at rsbac.org Wed Jul 13 12:30:06 2011 From: ao at rsbac.org (Amon Ott) Date: Wed, 13 Jul 2011 12:30:06 +0200 Subject: [rsbac] compile message In-Reply-To: <1308524612.9008.6.camel@jaschtschik-pc> References: <1308524612.9008.6.camel@jaschtschik-pc> Message-ID: <201107131230.06365.ao@rsbac.org> On Monday 20 June 2011 wrote Jens Kasten: > kernel 2.6.32.41 > I get on compiling the kernel that message: > > rsbac/data_structures/aci_data_structures.c: In function > ?stats_proc_show?: > rsbac/data_structures/aci_data_structures.c:3091: warning: comparison of > unsigned expression >= 0 is always true > > I grep for fd_count and on line 2925 is it defined as u_long. > > On line 3090 the variable get an assigning: > fd_count = rsbac_list_count(device_p->handles.gen); > > Means that compiler warning, even if function rsbac_list_count would > return a negative value it would never be assigned as a negative value > to fd_count because its defined as unsigned long? Well spotted! Fixed in Git repos. Thanks. Amon. -- http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22 From ao at rsbac.org Thu Jul 14 16:52:33 2011 From: ao at rsbac.org (Amon Ott) Date: Thu, 14 Jul 2011 16:52:33 +0200 Subject: [rsbac] New git repo for 2.6.39 Message-ID: <201107141652.34234.ao@rsbac.org> Hi everyone! RSBAC has been successfully ported to 2.6.39.3, you find a new git repo at http://git.rsbac.org. Please test it and report so that we can make a new release soon. Amon. -- http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22 From aleph at mandriva.org Thu Jul 14 20:05:07 2011 From: aleph at mandriva.org (Gergely =?UTF-8?Q?L=C3=B3nyai?=) Date: Thu, 14 Jul 2011 11:05:07 -0700 Subject: [rsbac] New git repo for 2.6.39 Message-ID: <20110714110507.9b05b4e5e48d18b6dc565714b379f9f0.6f631ab751.wbe@email10.secureserver.net> > -------- Original Message -------- > Subject: [rsbac] New git repo for 2.6.39 > From: Amon Ott > Date: Thu, July 14, 2011 4:52 pm > To: RSBAC Discussion and Announcements > > > Hi everyone! > > RSBAC has been successfully ported to 2.6.39.3, you find a new git repo at > http://git.rsbac.org. Please test it and report so that we can make a new > release soon. > > Amon. Thank you! Aleph From aleph at mandriva.org Thu Jul 14 23:33:02 2011 From: aleph at mandriva.org (Gergely =?UTF-8?Q?L=C3=B3nyai?=) Date: Thu, 14 Jul 2011 14:33:02 -0700 Subject: [rsbac] New git repo for 2.6.39 Message-ID: <20110714143302.9b05b4e5e48d18b6dc565714b379f9f0.082a706489.wbe@email10.secureserver.net> > -------- Original Message -------- > Subject: [rsbac] New git repo for 2.6.39 > From: Amon Ott > Date: Thu, July 14, 2011 4:52 pm > To: RSBAC Discussion and Announcements > > > Hi everyone! > > RSBAC has been successfully ported to 2.6.39.3, you find a new git repo at > http://git.rsbac.org. Please test it and report so that we can make a new > release soon. > > Amon. > -- Hi, Do I see good to need the rsbac-admin-1.4.6 to this kernel? How get this version of rsbac-admin? Aleph From igraltist at rsbac.org Fri Jul 15 00:06:31 2011 From: igraltist at rsbac.org (Jens Kasten) Date: Fri, 15 Jul 2011 00:06:31 +0200 Subject: [rsbac] New git repo for 2.6.39 In-Reply-To: <201107141652.34234.ao@rsbac.org> References: <201107141652.34234.ao@rsbac.org> Message-ID: <1310681191.9767.3.camel@jaschtschik-pc> Hi, first i try with almost all enabled. Then i got the first compiler error for reg module. Then the second i build a kernel only with AUTH and boot it. The second entry is from this boot. When i try to setup AUTH auth_learn for sshd then i got this bug. The setup is on qemu-kvm guest -> cryptsetup -> lvm -> ext4 Am Donnerstag, den 14.07.2011, 16:52 +0200 schrieb Amon Ott: > Hi everyone! > > RSBAC has been successfully ported to 2.6.39.3, you find a new git repo at > http://git.rsbac.org. Please test it and report so that we can make a new > release soon. > > Amon. -------------- next part -------------- [ 660.850209] BUG: unable to handle kernel NULL pointer dereference at (null) [ 660.852570] IP: [] jbd2_journal_file_inode+0x35/0xd0 [ 660.854240] *pde = 00000000 [ 660.855335] Oops: 0000 [#1] SMP [ 660.856589] last sysfs file: /sys/devices/virtual/bdi/0:17/uevent [ 660.858169] Modules linked in: nfs lockd auth_rpcgss nfs_acl sunrpc loop [last unloaded: scsi_wait_] [ 660.860021] [ 660.860021] Pid: 231, comm: rsbacd Tainted: G W 2.6.39.3-rsbac+ #1 Bochs Bochs [ 660.860021] EIP: 0060:[] EFLAGS: 00010246 CPU: 2 [ 660.860021] EIP is at jbd2_journal_file_inode+0x35/0xd0 [ 660.860021] EAX: f5894000 EBX: f558f900 ECX: 0000000c EDX: 00000000 [ 660.860021] ESI: 00000000 EDI: f5614800 EBP: f5614800 ESP: f56c7ba4 [ 660.860021] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 [ 660.860021] Process rsbacd (pid: 231, ti=f56c6000 task=f5555440 task.ti=f56c6000) [ 660.860021] Stack: [ 660.860021] f5a242d8 f56c7c9c 00000001 c113198c 00000005 00000001 f56c7c9c c10a9775 [ 660.860021] 00000000 c1131ec5 00001000 00000223 00000001 f56c7c9c f5894000 00000000 [ 660.860021] 00000000 f56c7ce4 f5a243a0 f5a242d8 00000002 00000000 00000000 f746eb40 [ 660.860021] Call Trace: [ 660.860021] [] ? mpage_da_map_and_submit+0x4ac/0x5d0 [ 660.860021] [] ? __pagevec_release+0x15/0x20 [ 660.860021] [] ? write_cache_pages_da+0x2e5/0x330 [ 660.860021] [] ? ext4_journal_start_sb+0x50/0x130 [ 660.860021] [] ? tag_pages_for_writeback+0x62/0xb0 [ 660.860021] [] ? ext4_da_writepages+0x232/0x410 [ 660.860021] [] ? ext4_da_write_end+0x11e/0x2d0 [ 660.860021] [] ? do_writepages+0x14/0x30 [ 660.860021] [] ? __filemap_fdatawrite_range+0x5f/0x80 [ 660.860021] [] ? filemap_write_and_wait_range+0x60/0x90 [ 660.860021] [] ? vfs_fsync_range+0x5d/0x90 [ 660.860021] [] ? generic_write_sync+0x58/0x80 [ 660.860021] [] ? generic_file_aio_write+0xcb/0xe0 [ 660.860021] [] ? ext4_file_write+0x5f/0x2b0 [ 660.860021] [] ? do_sync_write+0xb5/0xf0 [ 660.860021] [] ? rsbac_list_write_buffers+0xdb/0x2f0 [ 660.860021] [] ? fill_buffer+0x75/0x250 [ 660.860021] [] ? rsbac_write_lists+0x18b/0x4f0 [ 660.860021] [] ? __switch_to+0xdb/0x1b0 [ 660.860021] [] ? schedule_timeout+0x165/0x1b0 [ 660.860021] [] ? vsnprintf+0xbd/0x420 [ 660.860021] [] ? __wake_up+0x42/0x60 [ 660.860021] [] ? rsbac_write+0x2d/0xb0 [ 660.860021] [] ? up+0xb/0x40 [ 660.860021] [] ? rsbacd+0x1df/0x2d0 [ 660.860021] [] ? complete+0x3f/0x60 [ 660.860021] [] ? dev_compare+0x70/0x70 [ 660.860021] [] ? kthread+0x74/0x80 [ 660.860021] [] ? kthread_worker_fn+0x160/0x160 [ 660.860021] [] ? kernel_thread_helper+0x6/0xd [ 660.860021] Code: 89 7c 24 08 89 d6 8b 18 f6 40 10 04 8b 3b 74 16 b8 fb ff ff ff 8b 1c 24 8b 74 24 [ 660.860021] 1a 74 4f 39 5a 04 8d 74 26 00 74 46 8d 87 fc 01 00 00 e8 33 [ 660.860021] EIP: [] jbd2_journal_file_inode+0x35/0xd0 SS:ESP 0068:f56c7ba4 [ 660.860021] CR2: 0000000000000000 [ 660.925639] ---[ end trace 0f40efb72cddaaad ]--- -------------- next part -------------- rsbac/adf/reg/modules_off.c: In Funktion ?init_module?: rsbac/adf/reg/modules_off.c:65: Fehler: Implizite Deklaration der Funktion ?path_lookup? make[3]: *** [rsbac/adf/reg/modules_off.o] Fehler 1 make[2]: *** [rsbac/adf/reg] Fehler 2 make[1]: *** [rsbac/adf] Fehler 2 make: *** [rsbac] Fehler 2 [ 8.030137] ------------[ cut here ]------------ [ 8.031470] WARNING: at fs/namei.c:1979 rsbac_lookup_one_len+0xe2/0x100() [ 8.033199] Hardware name: Bochs [ 8.034213] Modules linked in: [last unloaded: scsi_wait_scan] [ 8.036000] Pid: 228, comm: exe Not tainted 2.6.39.3-rsbac+ #1 [ 8.037109] Call Trace: [ 8.037748] [] ? warn_slowpath_common+0x78/0xb0 [ 8.038826] [] ? rsbac_lookup_one_len+0xe2/0x100 [ 8.039916] [] ? rsbac_lookup_one_len+0xe2/0x100 [ 8.041030] [] ? warn_slowpath_null+0x1b/0x20 [ 8.042074] [] ? rsbac_lookup_one_len+0xe2/0x100 [ 8.043156] [] ? mempool_alloc+0x46/0x100 [ 8.044170] [] ? lookup_aci_path_dentry+0x18c/0x5c0 [ 8.045300] [] ? cpumask_next_and+0x1f/0x40 [ 8.046320] [] ? rsbac_read_open+0x3c/0x330 [ 8.047334] [] ? do_read_list+0x2f/0x860 [ 8.048321] [] ? do_read_list+0x49/0x860 [ 8.049309] [] ? pvclock_clocksource_read+0xf5/0x190 [ 8.050466] [] ? read_list+0x4c/0x140 [ 8.051410] [] ? cpumask_next_and+0x1f/0x40 [ 8.052428] [] ? update_sd_lb_stats+0xf8/0x560 [ 8.053489] [] ? check_preempt_wakeup+0x97/0xe0 [ 8.054565] [] ? zone_watermark_ok+0x30/0x40 [ 8.055605] [] ? __alloc_pages_nodemask+0xfd/0x700 [ 8.056707] [] ? __kmalloc+0x101/0x160 [ 8.057667] [] ? lookup_reg_name+0x59/0xf0 [ 8.058678] [] ? rsbac_list_register_hashed+0x447/0x820 [ 8.059853] [] ? rsbac_list_register_hashed+0x4a2/0x820 [ 8.061095] [] ? debug_adf_default_setup+0x10/0x10 [ 8.062207] [] ? idr_get_empty_slot+0xfc/0x280 [ 8.063259] [] ? new_slab+0x12c/0x1d0 [ 8.064215] [] ? number+0x348/0x360 [ 8.065614] [] ? ida_get_new_above+0x81/0x1c0 [ 8.066696] [] ? idr_get_empty_slot+0xfc/0x280 [ 8.067750] [] ? ida_get_new_above+0x109/0x1c0 [ 8.068803] [] ? format_decode+0x321/0x390 [ 8.069812] [] ? vsnprintf+0xbd/0x420 [ 8.070783] [] ? rsbac_list_register+0x50/0x60 [ 8.071837] [] ? debug_adf_default_setup+0x10/0x10 [ 8.072943] [] ? rsbac_init_debug+0x205/0x540 [ 8.073997] [] ? debug_adf_default_setup+0x10/0x10 [ 8.075106] [] ? rsbac_init+0x2c5/0x11e0 [ 8.076092] [] ? __wake_up+0x42/0x60 [ 8.077026] [] ? rsbac_printk+0x18b/0x200 [ 8.078016] [] ? rsbac_printk+0x18b/0x200 [ 8.079010] [] ? rsbac_mount+0x297/0x6d0 [ 8.079995] [] ? vfs_kern_mount+0x68/0xb0 [ 8.081015] [] ? do_kern_mount+0x3f/0xe0 [ 8.081994] [] ? do_mount+0x1c7/0x2c0 [ 8.082929] [] ? sys_mount+0x72/0xb0 [ 8.083875] [] ? syscall_call+0x7/0xb [ 8.084832] ---[ end trace 0f40efb72cddaaac ]--- From ao at rsbac.org Fri Jul 15 08:01:59 2011 From: ao at rsbac.org (Amon Ott) Date: Fri, 15 Jul 2011 08:01:59 +0200 Subject: [rsbac] New git repo for 2.6.39 In-Reply-To: <20110714143302.9b05b4e5e48d18b6dc565714b379f9f0.082a706489.wbe@email10.secureserver.net> References: <20110714143302.9b05b4e5e48d18b6dc565714b379f9f0.082a706489.wbe@email10.secureserver.net> Message-ID: <201107150801.59768.ao@rsbac.org> On Thursday 14 July 2011 wrote Gergely L?nyai: > > -------- Original Message -------- > > Subject: [rsbac] New git repo for 2.6.39 > > From: Amon Ott > > Date: Thu, July 14, 2011 4:52 pm > > To: RSBAC Discussion and Announcements > > > > > > Hi everyone! > > > > RSBAC has been successfully ported to 2.6.39.3, you find a new git repo > > at http://git.rsbac.org. Please test it and report so that we can make a > > new release soon. > > > > Amon. > > -- > > Hi, > > Do I see good to need the rsbac-admin-1.4.6 to this kernel? How get this > version of rsbac-admin? Any 1.4 tools package should work fine. However, you also find current rsbac-admin in git, see git.rsbac.org. Amon. -- http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22 From ao at rsbac.org Fri Jul 15 08:42:05 2011 From: ao at rsbac.org (Amon Ott) Date: Fri, 15 Jul 2011 08:42:05 +0200 Subject: [rsbac] New git repo for 2.6.39 In-Reply-To: <1310681191.9767.3.camel@jaschtschik-pc> References: <201107141652.34234.ao@rsbac.org> <1310681191.9767.3.camel@jaschtschik-pc> Message-ID: <201107150842.05859.ao@rsbac.org> On Friday 15 July 2011 wrote Jens Kasten: > Then i got the first compiler error for reg module. REG module compiles now, should work as expected. Not tested yet, though. Git updated. Amon. -- http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22 From ao at rsbac.org Fri Jul 15 10:07:56 2011 From: ao at rsbac.org (Amon Ott) Date: Fri, 15 Jul 2011 10:07:56 +0200 Subject: [rsbac] New git repo for 2.6.39 In-Reply-To: <1310681191.9767.3.camel@jaschtschik-pc> References: <201107141652.34234.ao@rsbac.org> <1310681191.9767.3.camel@jaschtschik-pc> Message-ID: <201107151007.56741.ao@rsbac.org> On Friday 15 July 2011 wrote Jens Kasten: > Then the second i build a kernel only with AUTH and boot it. > The second entry is from this boot. > > When i try to setup AUTH auth_learn for sshd then i got this bug. > > The setup is on qemu-kvm guest -> cryptsetup -> lvm -> ext4 This is a bit more difficult. Do you have RSBAC secure delete enabled? Amon. -- http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22 From jens at kasten-edv.de Fri Jul 15 17:42:47 2011 From: jens at kasten-edv.de (Jens Kasten) Date: Fri, 15 Jul 2011 17:42:47 +0200 Subject: [rsbac] New git repo for 2.6.39 In-Reply-To: <201107151007.56741.ao@rsbac.org> References: <201107141652.34234.ao@rsbac.org> <1310681191.9767.3.camel@jaschtschik-pc> <201107151007.56741.ao@rsbac.org> Message-ID: <1310744567.3927.5.camel@jaschtschik-pc> I reduce the rsbac kernel configuration to only AUTH modul enabled. The combination of cryptsetup + lvm + ext4 does trigger the bug. Next try is cryptsetup + ext4 but if I remeber, other does say this work. Then lvm + ext4 as try after. Am Freitag, den 15.07.2011, 10:07 +0200 schrieb Amon Ott: > On Friday 15 July 2011 wrote Jens Kasten: > > Then the second i build a kernel only with AUTH and boot it. > > The second entry is from this boot. > > > > When i try to setup AUTH auth_learn for sshd then i got this bug. > > > > The setup is on qemu-kvm guest -> cryptsetup -> lvm -> ext4 > > This is a bit more difficult. Do you have RSBAC secure delete enabled? > > Amon.