[rsbac] rsbac_jail & postfix

Czakó Krisztián rsbac@rsbac.org
Thu Aug 22 11:31:01 2002


Hello,

I am trying to start Postfix in an rsbac_jail, but I have some problems.
The postfix master process could not bind to its sockets (public/cleanup,
public/rewrite, etc.).
I've started rsbac_jail with -r -l -n -v and IP 0.0.0.0 for the test.
With standard chroot it works.
What am I doing wrong?

Here's the cleanup line from master.cf:
cleanup   unix  n       -       -       -       0       cleanup

This is the message from RSBAC:
rsbac_adf_request(): request CREATE, pid 6077, ppid 6013, prog_name
master, uid 0, target_type DIR, tid Device 58:07 Inode 17658 Path
/var//lib/jails/mail//var/spool/postfix/public, attr none, value 0,
result NOT_GRANTED by JAIL

And the log message from postfix:
Aug 21 15:42:12 localhost postfix/master[6077]: fatal: bind:
public/cleanup: Operation not permitted

This is the kernel config:
CONFIG_RSBAC=y
CONFIG_RSBAC_INIT_THREAD=y
CONFIG_RSBAC_MAX_INIT_TIME=60
CONFIG_RSBAC_PROC=y
CONFIG_RSBAC_INIT_CHECK=y
CONFIG_RSBAC_AUTO_WRITE=5
CONFIG_RSBAC_DEBUG=y
CONFIG_RSBAC_SECOFF_UID=400
CONFIG_RSBAC_NET=y
CONFIG_RSBAC_NET_DEV=y
CONFIG_RSBAC_NET_DEV_VIRT=y
CONFIG_RSBAC_IND_NETDEV_LOG=y
CONFIG_RSBAC_NET_OBJ=y
CONFIG_RSBAC_NET_OBJ_UNIX=y
CONFIG_RSBAC_NET_OBJ_RW=y
CONFIG_RSBAC_IND_NETOBJ_LOG=y
CONFIG_RSBAC_MAC=y
CONFIG_RSBAC_MAC_DEF_INHERIT=y
CONFIG_RSBAC_MAC_AUTH_PROT=y
CONFIG_RSBAC_MAC_NET_DEV_PROT=y
CONFIG_RSBAC_MAC_NET_OBJ_PROT=y
CONFIG_RSBAC_RC=y
CONFIG_RSBAC_RC_AUTH_PROT=y
CONFIG_RSBAC_RC_NET_DEV_PROT=y
CONFIG_RSBAC_RC_NET_OBJ_PROT=y
CONFIG_RSBAC_AUTH=y
CONFIG_RSBAC_AUTH_AUTH_PROT=y
CONFIG_RSBAC_ACL=y
CONFIG_RSBAC_ACL_AUTH_PROT=y
CONFIG_RSBAC_ACL_NET_DEV_PROT=y
CONFIG_RSBAC_ACL_NET_OBJ_PROT=y
CONFIG_RSBAC_CAP=y
CONFIG_RSBAC_CAP_AUTH_PROT=y
CONFIG_RSBAC_JAIL=y
CONFIG_RSBAC_JAIL_NET_ADJUST=y
CONFIG_RSBAC_JAIL_NET_DEV_PROT=y
CONFIG_RSBAC_SWITCH=y
CONFIG_RSBAC_SOFTMODE=y
CONFIG_RSBAC_SOFTMODE_SYSRQ=y
CONFIG_RSBAC_SOFTMODE_IND=y
CONFIG_RSBAC_IND_LOG=y
CONFIG_RSBAC_IND_USER_LOG=y
CONFIG_RSBAC_IND_PROG_LOG=y
CONFIG_RSBAC_LOG_FULL_PATH=y
CONFIG_RSBAC_MAX_PATH_LEN=1024
CONFIG_RSBAC_RMSG=y
CONFIG_RSBAC_RMSG_NOSYSLOG=y
CONFIG_RSBAC_ALLOW_DAC_DISABLE=y
CONFIG_RSBAC_ALLOW_DAC_DISABLE_PART=y
CONFIG_RSBAC_SECDEL=y
CONFIG_RSBAC_RW=y
CONFIG_RSBAC_XSTATS=y

Regards,
Slapic
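
Added example, not part of the original post: Python that parses the RSBAC denial and the Postfix fatal quoted above and pairs them by pid, to confirm which module's decision is behind the failed bind. The field layout is assumed from the single message shown, and the function names are hypothetical.

```python
import re

# Field order copied from the one RSBAC message quoted in the post; other
# request types or RSBAC versions may log differently (assumption).
RSBAC_RE = re.compile(
    r"rsbac_adf_request\(\): request (?P<request>\S+), pid (?P<pid>\d+), "
    r"ppid \d+, prog_name (?P<prog>\S+), uid (?P<uid>\d+), "
    r"target_type (?P<target_type>\S+), tid (?P<tid>.+?), attr \S+, "
    r"value \S+, result (?P<result>\S+) by (?P<module>\S+)")
FATAL_RE = re.compile(
    r"postfix/[\w-]+\[(?P<pid>\d+)\]: fatal: (?P<call>\w+): (?P<object>\S+): ")

def parse_rsbac(text):
    """Return the fields of one rsbac_adf_request message, or None."""
    m = RSBAC_RE.search(" ".join(text.split()))  # undo line wrapping first
    if not m:
        return None
    rec = m.groupdict()
    path = re.search(r"Path (\S+)", rec["tid"])
    # The logged path contains doubled slashes; collapse them for comparison.
    rec["path"] = re.sub(r"/{2,}", "/", path.group(1)) if path else None
    return rec

def correlate(rsbac_text, postfix_text):
    """Pair a Postfix fatal with the RSBAC denial logged for the same pid."""
    denial = parse_rsbac(rsbac_text)
    fatal = FATAL_RE.search(" ".join(postfix_text.split()))
    if not denial or not fatal or denial["pid"] != fatal["pid"]:
        return None
    # In the quoted pair the denied CREATE target is a DIR: the directory
    # part of the socket name that bind() failed on.
    parent = fatal["object"].rpartition("/")[0]
    path = denial["path"] or ""
    return {"pid": int(denial["pid"]), "module": denial["module"],
            "request": denial["request"], "result": denial["result"],
            "target_type": denial["target_type"], "denied_path": denial["path"],
            "failed_call": fatal["call"], "failed_object": fatal["object"],
            "same_directory": bool(parent) and path.endswith("/" + parent)}

# Both samples are the messages quoted in the post, line wraps included.
RSBAC_MSG = """rsbac_adf_request(): request CREATE, pid 6077, ppid 6013, prog_name
master, uid 0, target_type DIR, tid Device 58:07 Inode 17658 Path
/var//lib/jails/mail//var/spool/postfix/public, attr none, value 0,
result NOT_GRANTED by JAIL"""
POSTFIX_MSG = """Aug 21 15:42:12 localhost postfix/master[6077]: fatal: bind:
public/cleanup: Operation not permitted"""

if __name__ == "__main__":
    print(correlate(RSBAC_MSG, POSTFIX_MSG))
```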