
First Boot

If the recommended AUTH model has been included, you will have to use the kernel parameter rsbac_auth_enable_login when booting an RSBAC kernel for the first time. This parameter makes the init code set the auth_may_setuid flag for /bin/login, which allows this program to CHANGE_OWNER.

Also with AUTH, several daemons will fail to run, because they are not allowed to setuid to their designated user IDs. The necessary AUTH capabilities will have to be set later.

After boot, you should log in as root and create a user account with ID 400, which in the default settings is the account for the Security Officer etc. You will need it for administration.

As a first task, the Security Officer (ID 400) should now set the AUTH capabilities for the failing daemons with 'rsbac_fd_menu filename'. You will find the necessary values in the denied CHANGE_OWNER requests in the system log.
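One way to collect those values from the system log is sketched below as an added example; it is not part of the RSBAC tools. The log line layout (comma-separated "key value" fields named prog_file, prog_name and value) and the sample lines are assumptions constructed for illustration, so adjust the field names to what your kernel actually logs.

```shell
#!/bin/sh
# Added example: list which program asked to switch to which user ID and was
# refused by AUTH, with a count. Reads syslog text on stdin.
# ASSUMPTION: each line holds comma-separated "key value" fields, including
# prog_file (or prog_name) and value (the requested user ID).

summarize_denied_setuid() {
    awk '
        /request CHANGE_OWNER/ && /NOT_GRANTED/ && /AUTH/ {
            prog = ""; uid = ""
            n = split($0, f, /, */)
            for (i = 1; i <= n; i++) {
                # Prefer the full path, since rsbac_fd_menu takes a filename.
                if (f[i] ~ /^prog_file /) prog = substr(f[i], 11)
                else if (f[i] ~ /^prog_name / && prog == "") prog = substr(f[i], 11)
                else if (f[i] ~ /^value /) uid = substr(f[i], 7)
            }
            if (prog != "" && uid != "") seen[prog " " uid]++
        }
        END { for (k in seen) print k, seen[k] }
    ' | sort
}

# Constructed sample lines (hypothetical layout, not real kernel output).
sample_log() {
    cat <<'EOF'
Sep 17 10:00:01 host kernel: rsbac_adf_request(): request CHANGE_OWNER, pid 212, prog_name named, prog_file /usr/sbin/named, uid 0, target_type PROCESS, tid 212, attr owner, value 25, result NOT_GRANTED by AUTH
Sep 17 10:00:03 host kernel: rsbac_adf_request(): request CHANGE_OWNER, pid 230, prog_name httpd, prog_file /usr/sbin/httpd, uid 0, target_type PROCESS, tid 230, attr owner, value 33, result NOT_GRANTED by AUTH
Sep 17 10:00:04 host kernel: rsbac_adf_request(): request CHANGE_OWNER, pid 231, prog_name httpd, prog_file /usr/sbin/httpd, uid 0, target_type PROCESS, tid 231, attr owner, value 33, result NOT_GRANTED by AUTH
Sep 17 10:00:05 host kernel: rsbac_adf_request(): request READ_OPEN, pid 240, prog_name cat, prog_file /bin/cat, uid 500, target_type FILE, tid /etc/shadow, attr none, value 0, result NOT_GRANTED by FF
EOF
}

# Demonstration on the sample; for real use: summarize_denied_setuid < your-log-file
sample_log | summarize_denied_setuid
```

Each output line gives the program file, the user ID it tried to change to, and how often the request was denied. Grant only the user IDs a daemon is meant to run as.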



2001-09-17