MAC portacl Module Not loading (7.1)

Hi everyone, I am in need of some help.

On a 64bit install of 7.1-p4 I get the following:
Code:
kldload: can't load mac_portacl.ko: Exec format error

That was directly through kldload mac_portacl.ko

So I got the drive wiped and 32bit (-p0? no updates) put on and
Code:
kldload mac_portacl.ko
kldload: can't load mac_portacl.ko: No such file or directory

Then I noticed in dmesg:
Code:
KLD mac_portacl.ko: depends on kernel_mac_support - not available


On my 7.0 boxes I do not have this issue, I have been able to just set the sysctls and the module loads fine. I even tried mac_portacl_load="YES" in rc.conf

From my research of "kernel_mac_support" it suggests I must compile this into my kernel, something I am 100% sure I have not done on my last two 7.0 production boxes (I ditched cvsup and custom kernels and moved to freebsd-update)


Also, on an unrelated issue, IPNAT does not seem to work either! ipl loads fine, no errors can be found, yet redirect rules do not work.


I am starting to wonder if 7.1 is the new 5.4. My hardware, Intel Atom, is not supported in 7.0 or I would try that. The hardware is the reason why I do not want to spend hours making world etc.


I am getting all of my configs from notes I made when setting up my other production boxes, along with double checking on the live boxes so I am at a loss as to why things will not work smoothly on 7.1

Any input welcome thanks!
 
Check the output of kldstat -v and look for the mac support (on both the 7.0 and 7.1 box). That might help figure out where the problem is.
 
For some reason, I cannot find mention of mac on the 7.0 box, either in kldstat (including -v) or sysctl (even though I have all my settings for the module in /etc/sysctl.conf)

I can bind to all ports lower than 1024 as non-root (This should not happen) on the 7.0 box!! I only just noticed this, clearly something is horribly wrong, worse than I first thought. It should only be allowing binding to port 80 for the uids that I set up.

If the module is not loaded then what else would allow for this to happen?

Can anyone comment on why that would happen??
 
woop said:
For some reason, I cannot find mention of mac on the 7.0 box, either in kldstat (including -v) or sysctl (even though I have all my settings for the module in /etc/sysctl.conf)

I can bind to all ports lower than 1024 as non-root (This should not happen) on the 7.0 box!! I only just noticed this, clearly something is horribly wrong, worse than I first thought. It should only be allowing binding to port 80 for the uids that I set up.

If the module is not loaded then what else would allow for this to happen?

Can anyone comment on why that would happen??

Check the following sysctls (here's the defaults):

Code:
net.inet.ip.portrange.reservedlow: 0
net.inet.ip.portrange.reservedhigh: 1023
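
The checks suggested in the replies above, combined into one shell function as an added example that is not part of the original thread: it takes `sysctl` and `kldstat -v` output and reports whether anything still restricts binding to ports below 1024. The function names, verdict words and sample outputs are constructed for illustration; `security.mac.portacl.enabled` is mac_portacl's own sysctl and is not mentioned in the thread.

```shell
#!/bin/sh
# Added example. Sample outputs below are constructed, not taken from the thread.

# Print the value of sysctl $2 from `sysctl` output $1, or default $3 if absent.
sysctl_value() {
    v=$(printf '%s\n' "$1" | awk -F': *' -v n="$2" '$1 == n { print $2; exit }')
    printf '%s\n' "${v:-$3}"
}

# $1 = `sysctl` output, $2 = `kldstat -v` output. Prints one verdict word.
check_low_port_policy() {
    low=$(sysctl_value "$1" net.inet.ip.portrange.reservedlow 0)
    high=$(sysctl_value "$1" net.inet.ip.portrange.reservedhigh 1023)
    # This sysctl only exists once mac_portacl is loaded, so default to 0.
    enabled=$(sysctl_value "$1" security.mac.portacl.enabled 0)
    if [ "$low" -eq 0 ] && [ "$high" -ge 1023 ]; then
        echo kernel-default      # stock rule: only root binds to 0-1023
    elif printf '%s\n' "$2" | grep -q mac_portacl && [ "$enabled" -eq 1 ]; then
        echo portacl-enforced    # range relaxed, mac_portacl rules decide
    else
        echo unrestricted        # range relaxed, nothing else enforcing
    fi
}

# Constructed sample: reserved range relaxed for mac_portacl, module not loaded.
SAMPLE_SYSCTL_RELAXED='net.inet.ip.portrange.reservedlow: 0
net.inet.ip.portrange.reservedhigh: 0'
SAMPLE_KLDSTAT_NO_MAC=' 1    5 0xc0400000 9fab28   kernel
 2    1 0xc0dfb000 6a45c    ipl.ko'
# Constructed sample: same settings with the module loaded and enabled.
SAMPLE_SYSCTL_PORTACL="$SAMPLE_SYSCTL_RELAXED
security.mac.portacl.enabled: 1"
SAMPLE_KLDSTAT_MAC="$SAMPLE_KLDSTAT_NO_MAC
 3    1 0xc0e66000 4000     mac_portacl.ko"

check_low_port_policy "$SAMPLE_SYSCTL_RELAXED" "$SAMPLE_KLDSTAT_NO_MAC"
# On a live box:
# check_low_port_policy "$(sysctl net.inet.ip.portrange security.mac.portacl 2>/dev/null)" "$(kldstat -v)"
```

The first sample models one way the 7.0 symptom can arise, assuming `/etc/sysctl.conf` lowered `reservedhigh` while the module never loaded; the thread does not confirm that this is what happened.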
 