how to install and setup cap from p4?

Ilmar S. Habibulin ilmar at watson.org
Thu Jan 10 11:18:18 GMT 2002



On Wed, 9 Jan 2002, Brian F. Feldman wrote:

> These are the exact steps I followed in setting up my system, at least, with
> the exception of really one thing: I set
> kern.security.bsd.suser_compat_hack_enabled=1 in my /boot/loader.conf.
> Other than this, I don't know what the problem could be (except that somehow
> the binaries might not have the proper capabilities set on them....)
>
> I went from a -CURRENT system and upgraded to a TrustedBSD-CAP system, so I
> know for certain I made the upgrade path work...

Ok, let's start again.
I have installed -current. Then I made buildworld and buildkernel.
Then I did `extattrctl initattr -p {/,/usr,/var} 24
{/,/usr,/var}/.attribute/system/posix1e.cap` and rebooted the system.
My -current kernel has the EXTATTR_AUTOSTART option enabled.
After the reboot I made installworld and installkernel, added
"kern.security.bsd.suser_compat_hack_enabled=1" to /boot/loader.conf and
rebooted. Automatic reboot failed :(
Different day - same effect. If I comment out the CR_SUSER_DISABLED flag check
in string 438 of kern_cap.c, then I manage to boot. Any suggestions?
I don't think that I have such curve hands that I'm unable to turn
capabilities on. Maybe something is wrong with the sequence of operations?

PS. I tried all this without posix1e.cap - same effect.
PPS. I'll type the system messages:
init: setlogin() failed: Operation not permitted
init: set class 'daemon' resource limit datasize: Operation not permitted
init: set class 'daemon' resource limit stacksize: Operation not permitted
init: set class 'daemon' resource limit memorylocked: Operation not permitted
init: set class 'daemon' resource limit maxproc: Operation not permitted
init: set class 'daemon' resource limit openfiles: Operation not permitted
Entropy harvesting:sysctl: kern.random.sys.harvest.point_to_point: Operation not permitted
swapon: /dev/ad0s2b: Operation not permitted
<fsck checks OK>
mount: /dev/ad0s2a: Operation not permitted
mount: /dev/ad0s2f: Operation not permitted
mount: /dev/ad0s2e: Operation not permitted
procfs: Operation not permitted
Mounting /etc/fstab filesystems failed, startup aborted
etc.


