[rsbac] Problem with RSBAC 1.2.4 pre3 and Kernel 2.4.27

Amon Ott ao at rsbac.org
Mon Dec 20 15:44:55 CET 2004 

On Montag, 20. Dezember 2004 15:26, Patrique Wolfrum wrote:
> >>rsbac_adf_request(): request MODIFY_SYSTEM_DATA, pid 1645, ppid 
1628, prog_name bash, uid 0, audit_uid, target type PROCESS, tid 
1645, attr kernel_thread, value 0, result NOT_GRANTED by ACL
> >>    
> >>
> >
> >This is setting the priority of a process. You can grant this right 
> >without problems. 
> >  
> >
> I tried to find this setting, but I could't find it. Could you 
please 
> give me hint where to look it ?

Try
rsbac_acl_menu PROCESS :DEFAULT:
then select Group everyone and add the right - if you cannot see it 
there, you found a bug.

> >>Another thing is, that the Administration Tools seem to work a bit 
> >>buggy, since I often can't change a 'Def Process Create Type' 
setting in the RC_Roles screen. Either I get 'RSBAC_EINVALID_VALUE' 
or the value isn't changed at all (after setting a new value, the old 
still is 
> >>displayed as the actual value). This is rather annoying, since 
some 
> >>roles seem to have set themselves wrong values for the 'Def 
Process 
> >>Create Type' setting, so they can't create a process anymore and 
RSBAC gives out a error message in the log about it, but I can't do 
anything to correct this problem.
> >>    
> >>
> >
> >It seems as if the old values caused the problem. Have you tried 
the 
> >command line tool rc_set_item, or only the menu?
> >  
> >
> Until I received your message, I just tried it via the menu. The 
> commandline I used for rc_set_item was 'rc_set_item -v ROLE 501 
> def_process_create_type 65' and I received 'RSBAC_EINVALIDVALUE'.

Ouch, the rc_set_item help is wrong. The correct value is 4294967294 
or -2. The special values have changed long ago, somehow the help 
survived with old values. Here the menu would have used the correct 
values.

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
-------------- nächster Teil --------------
Ein Dateianhang mit Bin?rdaten wurde geschreddert...
Dateiname   : nicht verf?gbar
Dateityp    : application/pgp-signature
Dateigr??e  : 189 bytes
Beschreibung: signature
URL         : http://www.rsbac.org/pipermail/rsbac/attachments/20041220/19a09845/attachment.bin

More information about the rsbac mailing list