[rsbac] How to set target_type FILE Path socket:/[25924]
Amon Ott
ao at rsbac.org
Thu Apr 29 12:59:23 CEST 2004
On Thursday 29 April 2004 12:47, Thomas Mueller wrote:
> I reduced the FD rights of every process to its required minimum using
the
> RC model. Now I have only left for example:
>
> Apr 29 12:15:28 geht-schon kernel: rsbac_adf_request(): request
> GET_STATUS_DATA, pid 539, ppid 1, prog_name exim4, uid 105, target_type
> FILE, tid Device 00:04 Inode 25924 Path socket:/[25924], attr none, value
> 0, result NOT_GRANTED by GEN RC
>
> How can I set these rights?
> attr_set_file_dir FD socket:/ ...
>
> 'target_type FILE' means I have to set the rights using
'attr_set_file_dir
> FD' ?
This is in socketfs, a special filesystem to keep sockets. Its files will
always have RC type 0. If you want to treat them differently, create a new
type "fs default", copy all rights to type 0 to the new type, and assign
it to /. Then you can grant rights to type 0 to cover these special
filesystems.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac
mailing list