[rsbac] question

Amon Ott ao at rsbac.org
Thu Aug 11 10:07:51 CEST 2005

On Mittwoch 10 August 2005 14:57, igraltist wrote:
> something struck me with rsbac.
> i use the the rsbac-admin-tool 1.2.4 and the kernel 2.4.29 on 
> i have build the kernel with all enabled in rsbac and pax and 
> softmode.
> when i do with the security-user in the rsbac_menu and then go for 
> in to /usr/sbin/apache with the rsbac_fd_menu to change settings, 
and in an
> other konsole with root-user do ps aux |grep apache, then he shows 
me the
> konsole content from the security.
> that happens if only as above described.
> what do you think about it?

What your ps does is GET_STATUS_DATA on the process.

In RC, change security's def_process_execute_type to Security-Process, 
better check security's rights to that type, and you are ready.

You can also use CAP's process hiding and set user root to cap_role 
User. This would be a bit of overkill, though.

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

More information about the rsbac mailing list