[rsbac] secoff can't change anything
Amon Ott
ao at rsbac.org
Thu Apr 8 08:52:10 CEST 2004
On Donnerstag, 8. April 2004 00:20, Thomas Mueller wrote:
> suddenly (at least I'm not aware of any changes I might have done) my
> secoff can't change anything. Whatever I do I get errors like this one
(in
> softmode):
>
> attr_set_file_dir FD /bin/login rc_force_role 5
> leads to:
> Apr 7 23:51:27 geht-schon kernel: rsbac_adf_request(): request
> MODIFY_ATTRIBUTE, pid 1254, ppid 1105, prog_name attr_set_file_d, uid
400,
> target_type FILE, tid Device 03:05 Inode 64647 Path /bin/login, attr
> rc_force_role, value 5, result NOT_GRANTED by GEN RC
>
> When using rsbac_menu I get messages like this one:
> Apr 7 23:44:58 geht-schon kernel: rsbac_rc_sys_get_item(): getting item
> of role 1 denied for pid 1197, user 400 - not in admin_roles!
>
> I'm running kernel 2.6.4 with RSBAC 1.2.3pre4.
>
> I've uploaded my kernel config and rsbac
> settings to http://www.tmueller.com/rsbac.tgz if that helps.
Your settings seem to be correct.
Can you please retry with rsbac_debug_adf_rc? You can use this as kernel
aparameter, or
echo debug_adf_rc 1 >/proc/rsbac-info/debug
I would like to see whether the current role is set correctly.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac
mailing list