[rsbac] Problem with RSBAC 1.2.4 pre3 and Kernel 2.4.27

Amon Ott ao at rsbac.org
Mon Dec 20 15:08:51 CET 2004


On Montag, 20. Dezember 2004 14:54, Patrique Wolfrum wrote:
> as written in my last messages, I had problems getting RSBAC 1.2.3 
> working with my existing installation (RSBAC Admintools weren't able 
to 
> display the existing RC_Roles and RC_FDs). As I was goint to test 
> several diagnostic steps, which Amon Ott emailed to me last week, 
> suddenly the RSBAC Admintools 1.2.4 pre3, which I tried after a 
> suggestion from Amon Ott in case some bug in RSBAC 1.2.3 was causing 
the 
> describe behaviour), displayed all RC_Roles and RC_FDs. As it seemed 
to 
> be working now, I added the boot-role and adjusted several other 
roles 
> accordingly. In Softmode the system booted ,after several 
corrections to 

Good, so the system seems to work.

> the bootrole correctly. Without the softmode, mingetty and the bash 
> started to be quite troublesome, since they insisted to make a call 
> which RSBAC denied:
> 
> rsbac_adf_request(): request MODIFY_SYSTEM_DATA, pid 1645, ppid 
1628, 
> prog_name bash, uid 0, audit_uid, target type PROCESS, tid 1645, 
attr 
> kernel_thread, value 0, result NOT_GRANTED by ACL

This is setting the priority of a process. You can grant this right 
without problems.
 
> Another thing is, that the Administration Tools seem to work a bit 
> buggy, since I often can't change a 'Def Process Create Type' 
setting in 
> the RC_Roles screen. Either I get 'RSBAC_EINVALID_VALUE' or the 
value 
> isn't changed at all (after setting a new value, the old still is 
> displayed as the actual value). This is rather annoying, since some 
> roles seem to have set themselves wrong values for the 'Def Process 
> Create Type' setting, so they can't create a process anymore and 
RSBAC 
> gives out a error message in the log about it, but I can't do 
anything 
> to correct this problem.

It seems as if the old values caused the problem. Have you tried the 
command line tool rc_set_item, or only the menu?
 
Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
-------------- nächster Teil --------------
Ein Dateianhang mit Bin?rdaten wurde geschreddert...
Dateiname   : nicht verf?gbar
Dateityp    : application/pgp-signature
Dateigr??e  : 189 bytes
Beschreibung: signature
URL         : http://www.rsbac.org/pipermail/rsbac/attachments/20041220/b1a9e085/attachment.bin


More information about the rsbac mailing list