service secadm start - output - control channel error code 1


Radek X

Nov 17, 2017, 10:13:01 AM
to HardenedBSD Users
secadm_rule_ops. error code 1


uname -K
1101506

Oliver Pinter

Nov 17, 2017, 3:51:51 PM
to Radek X, HardenedBSD Users
sh /usr/share/examples/hardenedbsd/hbsdcontrol.sh system mprotect disable /usr/local/lib/firefox/firefox
sh /usr/share/examples/hardenedbsd/hbsdcontrol.sh system pageexec disable /usr/local/lib/firefox/firefox

uname -K
1101506

Uwe Trenkner

Nov 18, 2017, 8:56:33 AM
to us...@hardenedbsd.org
Hi Radek and Oliver,

could you please be a little more explicit, so that we can all benefit
from this discussion.

Radek, when do you encounter the error message?

Oliver, is this a general problem with secadm in the latest HBSD
release? And is your proposal the officially suggested work-around to
make secadm work under the latest release (I have not yet upgraded and
now I will wait until the dust has settled)?

Thanks
Uwe.

Oliver Pinter

Nov 18, 2017, 9:49:16 AM
to Uwe Trenkner, us...@hardenedbsd.org


On Saturday, November 18, 2017, Uwe Trenkner <utr...@gmail.com> wrote:
> Hi Radek and Oliver,
>
> could you please be a little more explicit, so that we can all benefit
> from this discussion

I just answered with the same verbosity as the question. :-)

> Radek, when do you encounter the error message?
>
> Oliver, is this a general problem with secadm in the latest HBSD
> release?

I do not use secadm; instead I use the hbsdcontrol stuff. It is limited only to the PaX feature setting, it works based on filesystem extended attributes, and no kernel module is needed for it. It has been in the kernel for half a year and is enabled by default.

> And is your proposal the officially suggested work-around to
> make secadm work under the latest release (I have not yet upgraded and
> now I will wait until the dust has settled)

It's not a workaround. The kernel side of the implementation is finished, but I'm working on the user space tool as my time permits. Until I have finished the hbsdcontrol userspace component, there is a shell script with the same functionality under the doc directory.

We have used them on our Jenkins instance for 2 years, and I have used them internally for 3 years.

Radek X

Nov 18, 2017, 12:33:05 PM
to HardenedBSD Users
Secadm 0.5.1 in version 1101506 does not work with the "files".rule downloaded from
GitHub: https://github.com/HardenedBSD/secadm-rules
When I try it according to your suggestion, Uwe:
# secadm load -f /path/to/firefox.rule
the output is:
no rules
When I was trying to check whether secadm is working on the system:
service secadm start
the output is:
secadm_rule_ops. error code 1

When you use gen-secadm-rules.csh, which is included on GitHub, the output is:
control channel returned error code 1

According to the info on GitHub there is a strange note: secadm requirement: FreeBSD 12 current.

Thanks to Oliver

