[rsbac] rsbac_jail & postfix

Amon Ott rsbac@rsbac.org
Sat Aug 24 14:45:02 2002
Previous message: [rsbac] rsbac_jail & postfix
Next message: [rsbac] rsbac_jail & postfix
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
--------------Boundary-00=_E5MCNXZNQA5G42Y2239G
Content-Type: text/plain;
  charset="iso-8859-2"
Content-Transfer-Encoding: 8bit

On Friday, 23. August 2002 13:19, Czako Krisztian wrote:
> I try to solve my problem :)
> It seems to be a bug in the jail, because JAIL rejects all unix domain bind
> calls. I've tried nscd, mysqld and postfix.
> RSBAC JAIL thinks it's a DIR CREATE call (case T_DIR at line 312 in
> jail_main.c) and returns NOT_GRANTED. For testing, I've replaced this
> NOT_GRANTED (line 312 in jail_main.c) with DO_NOT_CARE and unix socket bind
> now works in the jail.

Please use the attached patch against rsbac/adf/jail/jail_main.c to get it 
working correctly - well, at least it worked here with nscd, so please give 
me some feedback.
 
> The compilation problem also seems to be a bug in the source. I think it's a
> missing #ifdef. Something like this (NOTE THAT THIS PATCH NOT TESTED AT
> ALL!):
> --- linux.old/rsbac/adf/rc/rc_main.c	Fri Aug 16 11:33:26 2002
> +++ linux/rsbac/adf/rc/rc_main.c	Thu Aug 22 17:08:43 2002
> @@ -87,6 +87,7 @@
>            i_rc_item = RI_type_comp_nettemp;
>            i_attr = A_rc_type_nt;
>            break;
> +#ifdef CONFIG_RSBAC_RC_NET_OBJ_PROT
>          case T_NETOBJ:
>            i_rc_item = RI_type_comp_netobj;
>            if(rsbac_net_remote_request(request))
> @@ -94,6 +95,7 @@
>            else
>              i_attr = A_local_rc_type;
>            break;
> +#endif
>          case T_USER:
>            return(NOT_GRANTED);
>          default:

Correct, that's the place. Somehow I thought, this case does not get called, 
so I don't need to #ifdef here. Corrected, patch against 
rsbac/adf/rc/rc_main.c attached.

Amon.
--
http://www.rsbac.org

--------------Boundary-00=_E5MCNXZNQA5G42Y2239G
Content-Type: text/x-diff;
  charset="iso-8859-2";
  name="jail-unix.diff"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="jail-unix.diff"

LS0tIGphaWxfbWFpbi5jfglXZWQgQXVnIDE0IDE1OjM2OjI5IDIwMDIKKysrIGphaWxfbWFpbi5j
CVNhdCBBdWcgMjQgMTM6NTU6MzggMjAwMgpAQCAtMzE2LDggKzMxNiw4IEBACiAgICAgICAgICAg
ICAgICAgICAgIHJldHVybiBHUkFOVEVEOwogICAgICAgICAgICAgICAgICAgLyogbm8gbWtub2Qg
Zm9yIGRldmljZXMgKi8KICAgICAgICAgICAgICAgICAgIGlmKCAgIChhdHRyID09IEFfY3JlYXRl
X2RhdGEpCi0gICAgICAgICAgICAgICAgICAgICAmJiAoICAgKGF0dHJfdmFsLmNyZWF0ZV9kYXRh
Lm1vZGUgJiBTX0lGQ0hSKQotICAgICAgICAgICAgICAgICAgICAgICAgIHx8IChhdHRyX3ZhbC5j
cmVhdGVfZGF0YS5tb2RlICYgU19JRkJMSykKKyAgICAgICAgICAgICAgICAgICAgICYmICggICBT
X0lTQ0hSKGF0dHJfdmFsLmNyZWF0ZV9kYXRhLm1vZGUpCisgICAgICAgICAgICAgICAgICAgICAg
ICAgfHwgU19JU0JMSyhhdHRyX3ZhbC5jcmVhdGVfZGF0YS5tb2RlKQogICAgICAgICAgICAgICAg
ICAgICAgICAgKQogICAgICAgICAgICAgICAgICAgICApCiAgICAgICAgICAgICAgICAgICAgIHJl
dHVybiBOT1RfR1JBTlRFRDsK

--------------Boundary-00=_E5MCNXZNQA5G42Y2239G
Content-Type: text/x-diff;
  charset="iso-8859-2";
  name="rc_netobj.diff"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="rc_netobj.diff"

LS0tIHJjX21haW4uY34JRnJpIEF1ZyAxNiAxMTozMzoyNiAyMDAyCisrKyByY19tYWluLmMJU2F0
IEF1ZyAyNCAxNDowNDozMCAyMDAyCkBAIC03OSwxMCArNzksMTMgQEAKICAgICAgICAgICBpX3Jj
X2l0ZW0gPSBSSV90eXBlX2NvbXBfaXBjOwogICAgICAgICAgIGlfYXR0ciA9IEFfcmNfdHlwZTsK
ICAgICAgICAgICBicmVhazsKKyNpZiBkZWZpbmVkKENPTkZJR19SU0JBQ19SQ19ORVRfREVWX1BS
T1QpCiAgICAgICAgIGNhc2UgVF9ORVRERVY6CiAgICAgICAgICAgaV9yY19pdGVtID0gUklfdHlw
ZV9jb21wX25ldGRldjsKICAgICAgICAgICBpX2F0dHIgPSBBX3JjX3R5cGU7CiAgICAgICAgICAg
YnJlYWs7CisjZW5kaWYKKyNpZiBkZWZpbmVkKENPTkZJR19SU0JBQ19SQ19ORVRfT0JKX1BST1Qp
CiAgICAgICAgIGNhc2UgVF9ORVRURU1QOgogICAgICAgICAgIGlfcmNfaXRlbSA9IFJJX3R5cGVf
Y29tcF9uZXR0ZW1wOwogICAgICAgICAgIGlfYXR0ciA9IEFfcmNfdHlwZV9udDsKQEAgLTk0LDYg
Kzk3LDcgQEAKICAgICAgICAgICBlbHNlCiAgICAgICAgICAgICBpX2F0dHIgPSBBX2xvY2FsX3Jj
X3R5cGU7CiAgICAgICAgICAgYnJlYWs7CisjZW5kaWYKICAgICAgICAgY2FzZSBUX1VTRVI6CiAg
ICAgICAgICAgcmV0dXJuKE5PVF9HUkFOVEVEKTsKICAgICAgICAgZGVmYXVsdDoKQEAgLTM0OSwx
NSArMzUzLDE5IEBACiAgICAgICAgIGNhc2UgVF9JUEM6CiAgICAgICAgICAgaV9yY19pdGVtID0g
UklfdHlwZV9jb21wX2lwYzsKICAgICAgICAgICBicmVhazsKKyNpZiBkZWZpbmVkKENPTkZJR19S
U0JBQ19SQ19ORVRfREVWX1BST1QpCiAgICAgICAgIGNhc2UgVF9ORVRERVY6CiAgICAgICAgICAg
aV9yY19pdGVtID0gUklfdHlwZV9jb21wX25ldGRldjsKICAgICAgICAgICBicmVhazsKKyNlbmRp
ZgorI2lmIGRlZmluZWQoQ09ORklHX1JTQkFDX1JDX05FVF9PQkpfUFJPVCkKICAgICAgICAgY2Fz
ZSBUX05FVFRFTVA6CiAgICAgICAgICAgaV9yY19pdGVtID0gUklfdHlwZV9jb21wX25ldHRlbXA7
CiAgICAgICAgICAgYnJlYWs7CiAgICAgICAgIGNhc2UgVF9ORVRPQko6CiAgICAgICAgICAgaV9y
Y19pdGVtID0gUklfdHlwZV9jb21wX25ldG9iajsKICAgICAgICAgICBicmVhazsKKyNlbmRpZgog
ICAgICAgICBjYXNlIFRfVVNFUjoKICAgICAgICAgICByZXR1cm4oTk9UX0dSQU5URUQpOwogICAg
ICAgICBkZWZhdWx0Ogo=

--------------Boundary-00=_E5MCNXZNQA5G42Y2239G--
Previous message: [rsbac] rsbac_jail & postfix
Next message: [rsbac] rsbac_jail & postfix
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]