[rsbac] strange error

Bencsath Boldizsar rsbac@rsbac.org
Wed Oct 23 15:41:01 2002


bingo, thanks:
secoff@home:~$ /usr/local/bin/rc_get_item ROLE 3  def_fd_create_type
0
secoff@home:~$ /usr/local/bin/rc_set_item ROLE 3  def_fd_create_type -2
secoff@home:~$ /usr/local/bin/rc_get_item ROLE 3  def_fd_create_type
4294967294

Ok, the symptom is clear, but the reason:

The file I created with backup1.1.2 contains:
rc_set_item -V 66049 ROLE 3 def_fd_create_type 0
While the same in a backup_all contains:
rc_set_item ROLE 3 admin_type 2
rc_set_item ROLE 3 def_fd_create_type 65
rc_set_item ROLE 3 def_process_create_type 65
rc_set_item ROLE 3 def_process_chown_type 68
rc_set_item ROLE 3 def_process_execute_type 64
rc_set_item ROLE 3 def_ipc_create_type 0

I also noticed that backup_1.1.2 does not always do all the necessary
get_status settings (mostly for non-default permissions), so take care
while upgrading from 1.1.2!

Thanks for the help,
boldizsar

--------------------------------
Bencsath Boldizsar
boldi@mail2002.etl.hu
--------------------------------

On Wed, 23 Oct 2002, Amon Ott wrote:

> On Tuesday, 22 October 2002 18:03, Bencsath Boldizsar wrote:
> > On one of my computers, with my 2.4.19+pre8 kernel (rsbac 1.2.1) ;
> > (Debian) I tried to install a new libc6 package (2.3.1).
> > After installing I found strange problems, and I could not boot normally
> > with rsbac kernel.
> >
> > Investigating the problem I found that every file that was updated
> > by the apt-get install method was created with "rc_type_fd 0" (general
> > file FD), not with the "inherited" (-2) parameters, so there were no
> > permissions to map_exec (etc.) them.
> >
> > I fixed the problem by attr_back_fd -r /lib |grep "type_fd 0" |sed "s/fd
> > 0/fd -2/g" >/tmp/a; sh /tmp/a something...
>
> Looks like your installation role had a def_fd_create_type of 0 instead of -2.
>
> Amon.
>
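
An added example, not part of the original message and not RSBAC's own code: a small Python check that compares two RSBAC backup scripts line by line, treats the unsigned form 4294967294 as the same value as -2, and lists roles whose def_fd_create_type is 0. The sample inputs are constructed from the rc_set_item lines quoted in this thread (the ROLE 4 line is invented for illustration), and treating -V as an option that takes one argument is an assumption based on the single line shown above.

```python
import shlex

# Constructed sample input, built from the rc_set_item lines quoted in the thread.
OLD_BACKUP = "rc_set_item -V 66049 ROLE 3 def_fd_create_type 0\n"
NEW_BACKUP = """\
rc_set_item ROLE 3 admin_type 2
rc_set_item ROLE 3 def_fd_create_type 65
rc_set_item ROLE 3 def_ipc_create_type 0
rc_set_item ROLE 4 def_fd_create_type 4294967294
"""  # the ROLE 4 line is constructed to exercise the unsigned form of -2

def to_signed32(text):
    """Map the unsigned 32-bit form printed by rc_get_item back to signed."""
    n = int(text)
    return n - 2**32 if n >= 2**31 else n

def parse_backup(script):
    """Return {(target, id, item): value} for each numeric rc_set_item line."""
    settings = {}
    for line in script.splitlines():
        words = shlex.split(line, comments=True)
        if not words or words[0] != "rc_set_item":
            continue
        args = words[1:]
        if args[:1] == ["-V"]:      # assumption: -V takes exactly one argument
            args = args[2:]
        if len(args) != 4:
            continue
        target, ident, item, value = args
        try:
            settings[(target, ident, item)] = to_signed32(value)
        except ValueError:          # non-numeric items are out of scope here
            continue
    return settings

def diff_backups(old, new):
    """List (key, old_value, new_value) wherever the two backups disagree."""
    a, b = parse_backup(old), parse_backup(new)
    return [(k, a.get(k), b.get(k))
            for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)]

def roles_creating_type_0(script):
    """Role ids whose def_fd_create_type is 0 (general FD) in this backup."""
    return sorted(k[1] for k, v in parse_backup(script).items()
                  if k[0] == "ROLE" and k[2] == "def_fd_create_type" and v == 0)

if __name__ == "__main__":
    for key, old, new in diff_backups(OLD_BACKUP, NEW_BACKUP):
        print(key, old, "->", new)
    print("roles with def_fd_create_type 0:", roles_creating_type_0(OLD_BACKUP))
```

A value of None in the diff means the item is missing from that backup entirely, which is the other failure the message warns about when upgrading.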