documentation:rsbac_handbook:upgrading
Releases
Current version
Git/Latestdiff: 1.5.6
Latest Snapshots
Produced after each commit or rebase to new upstream version
GIT
RSBAC source code, can be unstable sometimes
Events
No events planned
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| documentation:rsbac_handbook:upgrading [2005/09/20 07:50] – (old revision restored) 127.0.0.1 | documentation:rsbac_handbook:upgrading [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | This document provides information on upgrading from each RSBAC version to another. Please always read it before you upgrade to a new version ! | ||
| - | |||
| - | ===== Upgrading from v1.2.4 to v1.2.5-pre ===== | ||
| - | * Compile and install new version as usual, but with Softmode and RSBAC own logging support (see [[@download/ | ||
| - | * Reboot into new kernel with kernel parameters rsbac_softmode and rsbac_nosyslog - the system will most likely be unusable without them. | ||
| - | * You can get at the new logging source with "cat / | ||
| - | * RC: Add IOCTL right for all roles to DEV and NETOBJ types as required - the log will tell you. It is advisable to use the new device major objects (rsbac_rc_role_menu). | ||
| - | * RC: Add GET_PERMISSIONS_DATA and MODIFY_PERMISSIONS_DATA rights for all roles to tty devices as required - the log will tell you. It is advisable to use the new device major objects (rsbac_rc_role_menu). | ||
| - | * RC/ACL: Add GET_STATUS_DATA and MODIFY_SYSTEM_DATA rights to the new SCD targets quota, sysctl, nfsd, ksyms and mlock as required. | ||
| - | * RC/ACL: Add ADD_TO_KERNEL and REMOVE_FROM_KERNEL rights to the swap devices and files (DEV and FILE targets) as required. | ||
| - | * ACL: Add IOCTL right for all subjects to DEV and NETOBJ objects as required - the log will tell you. It is advisable to use the new device major ACLs (rsbac_acl_menu). | ||
| - | * Restart important services, e.g. sshd, and check for problematic log messages. | ||
| - | * When the system seems to run fine without problems, reboot without softmode (you can turn off softmode with " | ||
| - | * (optional) When happy, recompile kernel without softmode and reinstall. | ||
| - | * Report any missing items or problems to the mailing list and/or the [[http:// | ||
| - | |||
| - | |||
| - | ===== Upgrading from v1.2.3 to v1.2.4 ===== | ||
| - | * Compile and install new version as usual, but with Softmode support (see [[@download/ | ||
| - | * Reboot into new kernel with kernel parameter rsbac_softmode. | ||
| - | * If the system is unusable because of too many logging messages running through, enable RSBAC own log facility in RSBAC kernel configuration (if not yet there), reinstall (dito) and turn off syslog logging with rsbac_nosyslog kernel parameter. You can get at the new logging source with rsbac_klogd from admin tools contrib or "cat / | ||
| - | * RC: Add GET_STATUS_DATA right for all roles to NETOBJ types as required - the log will tell you (rsbac_rc_role_menu). | ||
| - | * RC: With option "RC check access to UNIX partner process": | ||
| - | * RC: With User management: Add rights for all roles to USER and GROUP types as required - the log will tell you (rsbac_rc_role_menu). | ||
| - | * ACL: With User management: Add rights to USER and GROUP :DEFAULT: or individual users and groups as required - the log will tell you (rsbac_acl_menu). | ||
| - | * Restart important services, e.g. sshd, and check for problematic log messages. | ||
| - | * When the system seems to run fine without problems, reboot without softmode (you can turn off softmode with " | ||
| - | * (optional) When happy, recompile kernel without softmode and reinstall. | ||
| - | * Report any missing items or problems to the mailing list and/or the [[http:// | ||
| - | |||
| - | |||
| - | ===== Upgrading from v1.2.2 to v1.2.3 ===== | ||
| - | * Compile and install new version as usual, but with Softmode support (see Quick install FIXME). Attention: After installing the new admin tools, you can only use the proc interface to change settings! | ||
| - | * JAIL: Change all calls to rsbac_jail tool in your init scripts to the new syntax: chroot-dir and IP are now optional with -R and -I. You should consider using the new Linux capability limitation in JAIL module. | ||
| - | * Reboot into new kernel with kernel parameter rsbac_softmode. | ||
| - | * If the system is unusable because of too many logging messages running through, enable RSBAC own log facility in RSBAC kernel configuration (if not yet there), reinstall (dito) and turn off syslog logging with rsbac_nosyslog kernel parameter. You can get at the new logging source with rsbac_klogd from admin tools contrib or "cat / | ||
| - | * RC: Add GET_STATUS_DATA and MODIFY_SYSTEM_DATA right for all roles to DEV and PROCESS types as required - the log will tell you (rsbac_rc_role_menu). | ||
| - | * ACL: Add GET_STATUS_DATA and MODIFY_SYSTEM_DATA right to DEV and PROCESS :DEFAULT: ACLs as required (rsbac_acl_menu). | ||
| - | * MAC: " | ||
| - | * Restart important services, e.g. sshd, and check for problematic log messages. | ||
| - | * When the system seems to run fine without problems, reboot without softmode (you can turn off softmode with " | ||
| - | * (optional) When happy, recompile kernel without softmode and reinstall. | ||
| - | * Report any missing items or problems to the mailing list and/or the [[http:// | ||
documentation/rsbac_handbook/upgrading.1127202619.txt.gz · Last modified: 2006/05/02 13:40 (external edit)