[rsbac] Newbie: 2.4.18+1.2.1 doesn't start, complains of invalid device

Tomasz Korycki rsbac@rsbac.org
Sat Oct 5 06:27:01 2002 

Hi, list!

A newbie here, but I'll try to make it brief: RSBAC kernel never starts, 
complains about invalid device until syslog fills /var. Here's how I got there:

1. Downloaded a patched kernel 2.4.18 + 1.2.1 from rsbac.org, then 
admin-1.2.1 from the same place;
2. did make config according to the .ru instructions, enabling only RC, 
AUTH, ACL and MAC and making sure I had only "<module> protection for AUTH" 
enabled - compilation failed, I started disabling things, finally succeded 
after having *only* AUTH enabled;
3. did touch Makefile;make dep;make bzImage;make modules;make 
modules_install;mkinitrd (with the 2.4.18-rsbac modules);
4. moved the kernel into /boot, edited lilo.conf (with 
append=rsbac_auth_enable_login), ran lilo;
5. created secoff/400, gave it a password;
6. rebooted - I never got any prompt, I don't think even klogd/syslog 
started, as I had no trace of that boot left. The console was drowned in 
messages:
rsbac_get_attr(): Could not lookup device 03:12
rsbac_adf_request(): rsbac_get_attr() for internal returned EINVALIDDEV!

03:12 is the root partition (/dev/hda12, reiserfs 3.x, reiserfs is compiled 
into the kernel), /dev/hda1 is /boot, ext2

7. rebooted normal kernel, did make config again, made the maintenance 
kernel, lilo'd and rebooted - same result;
8. rebooted normal kernel, did make config, this time I enabled "more 
choices" and "soft mode", made new kernel/initrd
9. added rsbac_softmode to append in lilo.conf, ran lilo, rebooted again - 
same result, but this time those messages got written to syslog. Since I 
saw rc scripts being run, I decided to wait. After a while syslog/messages 
grew to over 120MB each and my /var was gone.
10. rebooted normal kernel - at this point I assumed I made a mistake 
configuring the kernel, so I disabled RSBAC completely to test it (after 
cleaning /var) - did the usual make and so on.
11. rebooted - I booted without any errors;
12. I now reenabled RSBAC at it's most minimal I could think of: just AUTH, 
no frills of any sort, only soft mode. Made new kernel and so on, ran lilo;
13. rebooted - same story as in 9.

OK, I'm stuck. Here is (heavily pruned) copy of the last /var/log/messages:
----------------------------- start -------------------------
Oct  4 17:03:17 switch syslogd 1.4-0: restart.
Oct  4 17:03:17 switch kernel: klogd 1.4-0, log source = /proc/kmsg started.
Oct  4 17:03:17 switch kernel: Inspecting /boot/System.map
Oct  4 17:03:17 switch kernel: Loaded 5 symbols from 1 module.
Oct  4 17:03:17 switch kernel: INVALIDDEV!
Oct  4 17:03:17 switch kernel: rsbac_get_attr(): Could not lookup device 03:12!
Oct  4 17:03:17 switch kernel: rsbac_adf_request(): rsbac_get_attr() for 
internal returned EINVALIDDEV!
Oct  4 17:03:17 switch kernel: rsbac_get_attr(): Could not lookup device 03:12!
Oct  4 17:03:17 switch kernel: rsbac_adf_request(): rsbac_get_attr() for 
internal returned EINVALIDDEV!
Oct  4 17:03:17 switch kernel: rsbac_get_attr(): Could not lookup device 03:12!
Oct  4 17:03:17 switch kernel: rsbac_adf_request(): rsbac_get_attr() for 
internal returned EINVALIDDEV!
Oct  4 17:03:17 switch kernel: rsbac_get_attr(): Could not lookup device 03:12!
------------------- end --------------

ANd that's how it continues. Every once in a while there are some other 
messages, either indicating another rc script completion, or other RSBAC 
complaints like:
-------------------- start -------------
Oct  4 17:03:17 switch kernel: rsbac_adf_set_attr_auth(): rsbac_get_attr() 
returned error!
Oct  4 17:03:17 switch kernel: rsbac_adf_set_attr(): request EXECUTE, 
caller_pid 1426, target-type FILE, tid Device 03:12 Inode 13299 Path 
/sbin/consoletype, new_target-type NONE, new_tid NONE, attr none, value 0, 
error -1003
Oct  4 17:03:17 switch kernel: do_execve() [sys_execve]: 
rsbac_adf_set_attr() returned error
-------------------- end ---------------
  which I sort-of expected to see (since nothing is configured), but then 
it comes back the EINVALIDDEV pair of messages.

Questions:
1. Has anyone seen this? I went through the archive, but couldn't find 
anything like this - which month/year did I skip?
2. Is there something I am missing, something bleeding obvious?
3. Is there anything more I should do that would tell me (and You) where 
does the problem originate?
4. Finally: is it a problem with software, or just with my lack of patience 
and /var space?

Any morsels of wisdom will be gratefully accepted - I liked the idea 
tremendously, but would really like to try it out... ;)