List: lids-user
Subject: Re: [lids-user] Re: (urgent queries) LIDS 1.2 for Kernel Version
From: Yusuf Wilajati Purna <ywpurna () users ! sourceforge ! net>
Date: 2004-03-31 14:49:27
Message-ID: 406ADA77.4090806 () users ! sourceforge ! net
Hi,

Deeptish Dey wrote:
> Hello Purna,
>
>
>>I think it depends on the ACLs and lids caps for the SHUTDOWN state.
>>Usually, in lids 1.1.X, a user will do 'lidsadm -S -- -LIDS_GLOBAL'
>>before rebooting/shutting down the system. This is to make sure
>>that the system can be cleanly brought down. The SHUTDOWN state
>>gives an option to set the system into a loosely protected state but
>>not so open as without protection.
>>
>>But, if with lids 1.1.X you can cleanly shut down the system, you can
>>just try first with empty lids.shutdown.conf and
>>lids.shutdown.cap in lids 1.2.X.
>>
>
>
>
> Tried your suggestion: emptied lids.shutdown.conf, and moreover allowed all
> capabilities in lids.shutdown.cap, but the system hangs while trying
> to ifdown eth0.
>

Had you done "#lidsadm -S -- +SHUTDOWN" before shutting down the system?

> But the same is working in lids.1.1, and I don't have to switch to
> lids_globally OFF, just shutdown works fine.
>
> I guess that lids-1.1 and 1.2 work differently, and when I type shutdown
> from the root prompt there is no way to switch to SHUTDOWN state, and in
> POSTBOOT CAP_NET_ADMIN is 0, so it will not be able to bring down the
> system gracefully.
>

I am not quite sure what you mean here.
SHUTDOWN state is only the name of a state. Currently, there is no
way to switch to SHUTDOWN state without 'lidsadm -S -- +SHUTDOWN'.

> For automated rebooting for prolonged power-cut at the weekend this
> automatic shutdown is necessary.

Okay, maybe you can try with the configs for lids 1.1 as they are,
and just use empty lids.XXX.conf and lids.XXX.cap.

> -----------
> Also, if we do -CAP_SYS_BOOT, in POSTBOOT.cap, and RELOAD, reboot still
> works (of course hanging while trying to bring down eth0). -CAP_SYS_BOOT
> should stop root from using reboot(), shutdown(), init 0, init 6 etc.
> isn't it?
>

Currently, for CAP_SYS_BOOT, LIDS only treats it as in the
standard kernel. It means that disabling CAP_SYS_BOOT from the whole
system only prevents a process from calling the reboot(2) system call.
It doesn't yet prevent a process from executing init(8), reboot(8), or
shutdown(8). Thus, rebooting the system when CAP_SYS_BOOT is not
available mostly ends up with the system hanging.

Regards,
purna
--
Yusuf Wilajati Purna <ywpurna@users.sourceforge.net>
1024D/7354A078
Key fingerprint = 7F4F 8433 C65F 3502 BC93 F529 BFDE F939 7354 A078
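
An added illustration of the reply's last point (not part of the original message and not LIDS code): the CAP_SYS_BOOT check sits inside reboot(2) itself, so the shutdown programs can still be executed and only their final system call is refused. The function names are hypothetical; the probe assumes a mainline Linux kernel, which tests the capability before the magic arguments, and no seccomp filter intercepting the call.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Added example, not LIDS code. CAP_SYS_BOOT is bit 22 in <linux/capability.h>. */
#define CAP_SYS_BOOT_BIT 22

/* Return 1 if the CapEff line of a /proc/<pid>/status text has CAP_SYS_BOOT,
 * 0 if the bit is cleared, -1 if no CapEff line is found. */
int cap_sys_boot_in_status(const char *status_text)
{
    const char *line = strstr(status_text, "CapEff:");
    if (line == NULL)
        return -1;
    unsigned long long mask = strtoull(line + strlen("CapEff:"), NULL, 16);
    return (int)((mask >> CAP_SYS_BOOT_BIT) & 1ULL);
}

/* Call reboot(2) with deliberately invalid magic numbers. The kernel checks
 * CAP_SYS_BOOT first, so the result is EPERM without the capability and
 * EINVAL with it; the call cannot reboot the machine either way. */
int probe_reboot_errno(void)
{
    errno = 0;
    if (syscall(SYS_reboot, 0, 0, 0, NULL) == 0)
        return 0;
    return errno;
}

int main(void)
{
    char buf[4096] = "";
    FILE *f = fopen("/proc/self/status", "r");
    if (f != NULL) {
        size_t n = fread(buf, 1, sizeof(buf) - 1, f);
        buf[n] = '\0';
        fclose(f);
    }
    int err = probe_reboot_errno();
    printf("CapEff has CAP_SYS_BOOT: %d\n", cap_sys_boot_in_status(buf));
    printf("reboot(2) probe: %s\n", err == EPERM ? "EPERM, refused at the syscall"
           : err == EINVAL ? "EINVAL, capability present" : strerror(err));
    return 0;
}
```

Run from a shell that could still start shutdown(8), an EPERM result shows where the refusal actually happens: after the shutdown scripts have already run.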