[rsbac] Problem with RSBAC 1.2.4 pre3 and Kernel 2.4.27
Amon Ott
ao at rsbac.org
Mon Dec 20 15:08:51 CET 2004
On Montag, 20. Dezember 2004 14:54, Patrique Wolfrum wrote:
> as written in my last messages, I had problems getting RSBAC 1.2.3
> working with my existing installation (RSBAC Admintools weren't able
to
> display the existing RC_Roles and RC_FDs). As I was goint to test
> several diagnostic steps, which Amon Ott emailed to me last week,
> suddenly the RSBAC Admintools 1.2.4 pre3, which I tried after a
> suggestion from Amon Ott in case some bug in RSBAC 1.2.3 was causing
the
> describe behaviour), displayed all RC_Roles and RC_FDs. As it seemed
to
> be working now, I added the boot-role and adjusted several other
roles
> accordingly. In Softmode the system booted ,after several
corrections to
Good, so the system seems to work.
> the bootrole correctly. Without the softmode, mingetty and the bash
> started to be quite troublesome, since they insisted to make a call
> which RSBAC denied:
>
> rsbac_adf_request(): request MODIFY_SYSTEM_DATA, pid 1645, ppid
1628,
> prog_name bash, uid 0, audit_uid, target type PROCESS, tid 1645,
attr
> kernel_thread, value 0, result NOT_GRANTED by ACL
This is setting the priority of a process. You can grant this right
without problems.
> Another thing is, that the Administration Tools seem to work a bit
> buggy, since I often can't change a 'Def Process Create Type'
setting in
> the RC_Roles screen. Either I get 'RSBAC_EINVALID_VALUE' or the
value
> isn't changed at all (after setting a new value, the old still is
> displayed as the actual value). This is rather annoying, since some
> roles seem to have set themselves wrong values for the 'Def Process
> Create Type' setting, so they can't create a process anymore and
RSBAC
> gives out a error message in the log about it, but I can't do
anything
> to correct this problem.
It seems as if the old values caused the problem. Have you tried the
command line tool rc_set_item, or only the menu?
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
-------------- nächster Teil --------------
Ein Dateianhang mit Bin?rdaten wurde geschreddert...
Dateiname : nicht verf?gbar
Dateityp : application/pgp-signature
Dateigr??e : 189 bytes
Beschreibung: signature
URL : http://www.rsbac.org/pipermail/rsbac/attachments/20041220/b1a9e085/attachment.bin
More information about the rsbac
mailing list