[rsbac] auth_set_cap gives RSBAC_EINVALIDTARGET
Klaus Holler
kho4l at gmx.at
Mon Oct 6 00:35:21 MEST 2003
Hi,
I recently changed from self-compiled rsbac-patched kernels to adamantix
kernel-image-2.4.20-1-k7-soft to try Peter's rsbac-secpolicy tool :-), but I
can't get over the following error:
trying the adamantix kernel image (having RSBAC 1.2.2-pre5 included) and the
corresponding rsbac-admin 1.2.2-9 utilities (both from www.adamantix.org
mirrors, running on a fresh Adamantix stable installation), I always get
"Error: RSBAC_EINVALIDTARGET" when trying to add AUTH capabilities for
daemons.
The error is triggered by using:
* the rsbac_menu -> file/dir -> enter a filename (e.g. /usr/sbin/sshd), then
add capabilities -> selected a userid -> Error: RSBAC_EINVALIDTARGET
* or via commandline: auth_set_cap FILE add "/usr/sbin/sshd" 0
First I thought that I had misconfigured the box and locked out security
officer (uid 400) inadvertedly; therefore I booted a non-rsbac kernel and
remove the rsbac.dat/ subdirectories on all mount points completely like
mentioned earlier on this list; on the next boot (starting with
"rsbac_auth_enable_login rsbac_softmode") it said "...generating standard
entries" as expected, but nothing changed ;-(
The following modules are active (ref. /proc/rsbac-info/stats): REG FF RC
AUTH ACL CAP JAIL RES.
Another strange effect: There are no meaningful RC default rule names
anymore, I see just garbage if I enter "0" as Role Number in the RC Role
Admin menu. I didn't manage to change the garbage, instead I get
RSBAC_EINVALIDMODULE.
Any hints? ... are very appreciated,
Klaus
--
Klaus Holler <gmx.at after kho4l@>
More information about the rsbac
mailing list