[rsbac] some problems with acl and dev

Amon Ott rsbac@rsbac.org
Mon Nov 25 09:28:01 2002

On Sunday, 24. November 2002 11:39, Josh Beagley wrote:
> Using 1.2.1 with all latest bugfixes and 2.4.19 kernel.
> Problem: I am attemting to grant a normal user the ability to mount cdroms.
> I attemtped to allow mount permission to /dev/hdc (my cdrom device) for
> specified user, but as secoff I get an error saying:
> rsbac_acl_sys_add_to_acl_entry(): adding rights
> 000000000000000000000000000000000000000000000000000 for USER 1000 to DEV
> block 22:00 denied for user 400!

What command did you use? It should look like

acl_grant USER 1000 MOUNT UMOUNT DEV /dev/hdc

What rights does user 400 have?

acl_rights -p -u 400 DEV /dev/hdc
> Is this perhaps the incorrect way of allowing a normal user to mount? (All
> non-rsbac configuration is correct, eg fstab)

The line of zeroes means that no rights were to be added. This is strange in 
the first place. Still, it should work, if 400 has sufficient rights.
> As a side question, in order to get the kernel version to display rsbac,
> where exactly in the kernel source should i do touch Makefile?

Touch the main Makefile, after make menuconfig.