[rsbac] Re: secoff can't change anything
Thomas Mueller
news-exp-jun04 at tmueller.com
Thu Apr 8 11:20:35 CEST 2004
On Thu, 08 Apr 2004 08:52:10 +0200 Amon Ott wrote:
>> I've uploaded my kernel config and rsbac
>> settings to http://www.tmueller.com/rsbac.tgz if that helps.
>
> Your settings seem to be correct.
>
> Can you please retry with rsbac_debug_adf_rc? You can use this as kernel
> aparameter, or
> echo debug_adf_rc 1 >/proc/rsbac-info/debug
> I would like to see whether the current role is set correctly.
Not too much output:
Apr 8 11:15:46 geht-schon kernel: debug_proc_write(): setting rsbac_debug_adf_rc to 1
Apr 8 11:16:03 geht-schon kernel: check_comp_rc(): rc_role is 5, rc_type is 4, request is MODIFY_ATTRIBUTE -> NOT_GRANTED!
Apr 8 11:16:03 geht-schon kernel: rsbac_adf_request(): request
MODIFY_ATTRIBUTE, pid 8333, ppid 8331, prog_name attr_set_file_d, uid 400,
target_type FILE, tid Device 03:05 Inode 64647 Path /bin/login, attr
rc_force_role, value 5, result NOT_GRANTED by GEN RC
Thomas
--
http://www.tmueller.com for pgp key (95702B3B)
More information about the rsbac
mailing list