[rsbac] Re: Re: secoff can't change anything

Thomas Mueller news-exp-jun04 at tmueller.com
Thu Apr 15 11:29:13 CEST 2004


On Wed, 14 Apr 2004 16:28:29 +0200 Amon Ott wrote:

>> Apr  8 11:15:46 geht-schon kernel: debug_proc_write(): setting
>> rsbac_debug_adf_rc to 1
>> Apr  8 11:16:03 geht-schon kernel: check_comp_rc(): rc_role is 5, rc_type
>> is 4, request is MODIFY_ATTRIBUTE -> NOT_GRANTED!
>> Apr  8 11:16:03 geht-schon kernel: rsbac_adf_request(): request
>> MODIFY_ATTRIBUTE, pid 8333, ppid 8331, prog_name attr_set_file_d, uid
>> 400,
>> target_type FILE, tid Device 03:05 Inode 64647 Path /bin/login, attr
>> rc_force_role, value 5, result NOT_GRANTED by GEN RC
> 
> I think I can see the puzzle: You set force_role for /bin/login to 5, so 
> when secoff logs in, the role 5 is kept. Please reset the force_role 
> setting to inherit_parent_dir and set initial_role to 5.

Stupid me, yes that's the solution. Thanks a lot!


Thomas
-- 
http://www.tmueller.com for pgp key (95702B3B)
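
Added example, not part of the original message and not RSBAC project code: a small parser that pairs each denied rsbac_adf_request() line with the check_comp_rc() line before it, so the RC role the process was running under (5 in the quoted log) shows up next to the attribute it tried to change. The regular expressions are written against the three log lines quoted in this thread only (mail line-wrapping undone); the function name rc_denials and the record keys are assumptions made for the example.

```python
import re

# Sample input: the log lines quoted in this thread, with mail wrapping undone.
SAMPLE_LOG = """\
Apr  8 11:15:46 geht-schon kernel: debug_proc_write(): setting rsbac_debug_adf_rc to 1
Apr  8 11:16:03 geht-schon kernel: check_comp_rc(): rc_role is 5, rc_type is 4, request is MODIFY_ATTRIBUTE -> NOT_GRANTED!
Apr  8 11:16:03 geht-schon kernel: rsbac_adf_request(): request MODIFY_ATTRIBUTE, pid 8333, ppid 8331, prog_name attr_set_file_d, uid 400, target_type FILE, tid Device 03:05 Inode 64647 Path /bin/login, attr rc_force_role, value 5, result NOT_GRANTED by GEN RC
"""

# RC module's own debug line: which role was checked against which type.
RC_CHECK = re.compile(
    r"check_comp_rc\(\): rc_role is (?P<role>\d+), rc_type is (?P<type>\d+), "
    r"request is (?P<request>\w+) -> NOT_GRANTED")

# Final decision line; the "attr ..., value ..." part is treated as optional.
ADF = re.compile(
    r"rsbac_adf_request\(\): request (?P<request>\w+), pid (?P<pid>\d+), ppid \d+, "
    r"prog_name (?P<prog>\S+), uid (?P<uid>\d+), target_type (?P<ttype>\w+), "
    r"tid (?P<tid>.*?)(?:, attr (?P<attr>\w+), value (?P<value>\S+))?, "
    r"result NOT_GRANTED by (?P<modules>.+)$")


def rc_denials(log_text):
    """Return one record per denied ADF request, with the RC role/type checked."""
    records, last_check = [], None
    for line in log_text.splitlines():
        m = RC_CHECK.search(line)
        if m:
            last_check = m.groupdict()  # remember until the decision line arrives
            continue
        m = ADF.search(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["path"] = rec["tid"].partition(" Path ")[2] or None
        if last_check and last_check["request"] == rec["request"]:
            rec["rc_role"] = int(last_check["role"])
            rec["rc_type"] = int(last_check["type"])
        last_check = None
        records.append(rec)
    return records


if __name__ == "__main__":
    for r in rc_denials(SAMPLE_LOG):
        print(f"uid {r['uid']} ({r['prog']}) in RC role {r.get('rc_role')} was denied "
              f"{r['request']} of {r['attr']}={r['value']} on {r['path']} "
              f"(RC type {r.get('rc_type')}), decided by {r['modules']}")
```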


