[rsbac] rsbac 1.2.1 - problem with X configuration?

rsbac@rsbac.org rsbac@rsbac.org
Sun Sep 29 18:01:02 2002


Hi all,
  I cannot run X as a common user with RSBAC 1.2.1, even though the "X support (normal user ...)" kernel configuration option is on. The error messages of both X and RSBAC are the same as if the option was not set.

X error message:
*************************************
(EE) ATI(0): Cannot open /dev/mem

Fatal server error:
xf86MapVidMem: failed to open /dev/mem (Operation not permitted)
**************************************

RSBAC error message:
*************************************
Sep 29 16:47:02 vltava kernel: rsbac_adf_request(): request GET_STATUS_DATA, pid 1120, ppid 1119, prog_name X, uid 500, target_type SCD, tid kmem, attr none, value 0, result NOT_GRANTED by RC ACL
Sep 29 16:47:02 vltava last message repeated 2 times
*************************************

Kernel configuration option - RSBAC section:
*************************************************
#
# Rule Set Based Access Control (RSBAC)
#
CONFIG_RSBAC=y

#
# General RSBAC options
#
CONFIG_RSBAC_INIT_THREAD=y
CONFIG_RSBAC_MAX_INIT_TIME=60
CONFIG_RSBAC_PROC=y
CONFIG_RSBAC_INIT_CHECK=y
# CONFIG_RSBAC_NO_WRITE is not set
# CONFIG_RSBAC_MSDOS_WRITE is not set
CONFIG_RSBAC_AUTO_WRITE=5
# CONFIG_RSBAC_DEBUG is not set
CONFIG_RSBAC_DEV_USER_BACKUP=y
CONFIG_RSBAC_SECOFF_UID=400
# CONFIG_RSBAC_MAINT is not set

#
# RSBAC networking options
#
CONFIG_RSBAC_NET=y
CONFIG_RSBAC_NET_DEV=y
# CONFIG_RSBAC_NET_DEV_VIRT is not set
CONFIG_RSBAC_IND_NETDEV_LOG=y
CONFIG_RSBAC_NET_OBJ=y
# CONFIG_RSBAC_NET_OBJ_UNIX is not set
# CONFIG_RSBAC_NET_OBJ_RW is not set
CONFIG_RSBAC_IND_NETOBJ_LOG=y

#
# Decision module (policy) options
#
CONFIG_RSBAC_REG=y
CONFIG_RSBAC_REG_SAMPLES=y
# CONFIG_RSBAC_MAC is not set
# CONFIG_RSBAC_FC is not set
# CONFIG_RSBAC_SIM is not set
# CONFIG_RSBAC_PM is not set
# CONFIG_RSBAC_MS is not set
CONFIG_RSBAC_FF=y
CONFIG_RSBAC_FF_AUTH_PROT=y
CONFIG_RSBAC_FF_GEN_PROT=y
CONFIG_RSBAC_RC=y
CONFIG_RSBAC_RC_AUTH_PROT=y
CONFIG_RSBAC_RC_GEN_PROT=y
CONFIG_RSBAC_RC_BACKUP=y
CONFIG_RSBAC_RC_NET_DEV_PROT=y
CONFIG_RSBAC_RC_NET_OBJ_PROT=y
CONFIG_RSBAC_AUTH=y
CONFIG_RSBAC_AUTH_AUTH_PROT=y
CONFIG_RSBAC_ACL=y
# CONFIG_RSBAC_ACL_SUPER_FILTER is not set
CONFIG_RSBAC_ACL_AUTH_PROT=y
CONFIG_RSBAC_ACL_GEN_PROT=y
CONFIG_RSBAC_ACL_BACKUP=y
CONFIG_RSBAC_ACL_NET_DEV_PROT=y
CONFIG_RSBAC_ACL_NET_OBJ_PROT=y
CONFIG_RSBAC_CAP=y
CONFIG_RSBAC_CAP_AUTH_PROT=y
CONFIG_RSBAC_JAIL=y
CONFIG_RSBAC_JAIL_NET_ADJUST=y
CONFIG_RSBAC_JAIL_NET_DEV_PROT=y

#
# Softmode and switching
#
# CONFIG_RSBAC_SWITCH is not set
# CONFIG_RSBAC_SOFTMODE is not set

#
# Logging
#
CONFIG_RSBAC_IND_LOG=y
CONFIG_RSBAC_IND_USER_LOG=y
CONFIG_RSBAC_IND_PROG_LOG=y
CONFIG_RSBAC_LOG_FULL_PATH=y
CONFIG_RSBAC_MAX_PATH_LEN=1024
CONFIG_RSBAC_RMSG=y
# CONFIG_RSBAC_RMSG_EXCL is not set
# CONFIG_RSBAC_RMSG_NOSYSLOG is not set

#
# Symlink redirection
#
# CONFIG_RSBAC_SYM_REDIR is not set

#
# Linux DAC
#
# CONFIG_RSBAC_ALLOW_DAC_DISABLE is not set

#
# Other options
#
CONFIG_RSBAC_SECDEL=y
# CONFIG_RSBAC_RW is not set
# CONFIG_RSBAC_IPC_SEM is not set
# CONFIG_RSBAC_SYSLOG is not set
# CONFIG_RSBAC_NO_DECISION_ON_NETMOUNT is not set
CONFIG_RSBAC_USER_MOD_IOPERM=y
CONFIG_RSBAC_XSTATS=y
*************************************************

I deleted the old RSBAC settings ([root@vltava rsbac.dat]# rm -f *, with a kernel without RSBAC) before running the new version.

The question is: did I make some configuration mistake, or is there a problem in RSBAC?

Thank you.

-- 
Karel Diviš
GPG key: 	 00CF58DD @ www.keyserver.net	
Key fingerprint: 399D A3E3 3877 8086 3E8E  4F48 6B5C F7D2 00CF 58DD
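
Added example, not part of the original message and not RSBAC project code: a small parser for the `rsbac_adf_request()` denial line quoted above. It separates the request, the target and the deciding modules, and counts denials per module including syslog's "last message repeated" lines. The field layout is inferred only from the line in the message; the function names are hypothetical.

```python
import re
from collections import Counter

# Field layout inferred from the one denial line quoted in the message
# (an assumption, not a documented RSBAC log format).
LINE_RE = re.compile(
    r"rsbac_adf_request\(\): request (?P<request>\S+), (?P<fields>.*), "
    r"result (?P<result>\S+) by (?P<modules>.+?)\s*$")
REPEAT_RE = re.compile(r"last message repeated (\d+) times")

# First two lines copied from the message; the third is constructed noise.
SAMPLE = [
    "Sep 29 16:47:02 vltava kernel: rsbac_adf_request(): request GET_STATUS_DATA, "
    "pid 1120, ppid 1119, prog_name X, uid 500, target_type SCD, tid kmem, "
    "attr none, value 0, result NOT_GRANTED by RC ACL",
    "Sep 29 16:47:02 vltava last message repeated 2 times",
    "Sep 29 16:47:05 vltava kernel: unrelated line (constructed)",
]

def parse_denial(line):
    """Return the fields of an rsbac_adf_request() line as a dict, else None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = {"request": m.group("request"), "result": m.group("result"),
           "modules": m.group("modules").split()}
    for pair in m.group("fields").split(", "):
        key, _, value = pair.partition(" ")
        rec[key] = value
    return rec

def summarize(lines):
    """Count NOT_GRANTED decisions per (prog, request, target, tid, module)."""
    counts, last = Counter(), None
    for line in lines:
        rec, rep = parse_denial(line), REPEAT_RE.search(line)
        if rec and rec["result"] == "NOT_GRANTED":
            last, n = rec, 1
        elif rep and last:
            n = int(rep.group(1))  # syslog collapsed n further identical lines
        else:
            last = None
            continue
        for mod in last["modules"]:
            key = (last["prog_name"], last["request"],
                   last["target_type"], last["tid"], mod)
            counts[key] += n
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```

Grouping by module shows which policy's rules to inspect for the denied request and target.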