[rsbac] acl questions

[=?gb2312?q?=FFffffd2=FFffffe0=20=FFffffc1=FFffffd6?=]

I've used the patch and recompiled the kernel.And it does work.Now my network runs properly.

Amon Ott <ao at rsbac.org> wrote:
On Sonntag, 29. Februar 2004 11:10, �ffffd2�ffffe0 �ffffc1�ffffd6 wrote:
> I installed ACL module but didn't choose the following items:
> ACL network device protection
> ACL network object protection
> But when the system starts up,it logs messages as follow:
> portmap[3018]: cannot create udp socket: Operation not permitted
> kernel: eth0: VIA VT6102 Rhine-II at 0xe800, 00:e0:4c:85:17:3c, IRQ 
11.
> kernel: eth0: MII PHY found at address 1, status 0x786d advertising 
05e1 Link 45e1.
> ifup: via-rhine device eth0 does not seem to be present, delaying 
initialization.
> network: Bringing up interface eth0: failed
> kernel: rsbac_acl_check_right(): rsbac_acl_get_single_right() 
returned error RSBAC_EINVALIDTARGET!
> kernel: rsbac_adf_request(): request CREATE, pid 2909, ppid 2896, 
prog_name iptables, uid 0, target_type NETOBJ, tid cef15ba0 INET RAW proto 
RAW local 0.0.0.0:255 remote 0.0.0.0:0, attr , value 0, result NOT_GRANTED 
by ACL

It seems that this is a bug. Please try the attached patch against 
rsbac/adf/acl_main.c, if it fixes the problem, I will make it yet another 
bugfix.

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
--- acl_main.c~ 2003-12-15 12:46:16.000000000 +0100
+++ acl_main.c 2004-02-29 20:38:26.000000000 +0100
@@ -60,10 +60,14 @@
case T_SCD:
case T_USER:
case T_PROCESS:
+#ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
case T_NETDEV:
+#endif
+#ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
case T_NETTEMP_NT:
case T_NETTEMP:
case T_NETOBJ:
+#endif
break;
default:
return TRUE;
_______________________________________________
rsbac mailing list
rsbac at rsbac.org
http://www.rsbac.org/mailman/listinfo/rsbac


---------------------------------
Do You Yahoo!?
ÍêÈ«Ãâ·ÑµÄÑÅ»¢µçÓÊ£¬ÂíÉÏ×¢²á»ñÔù¶îÍâ60Õ×ÍøÂç´æ´¢¿Õ¼ä