[rsbac] Re: Missing CAPs are not logged
Thomas Mueller
news-exp-jul05 at tmueller.com
Tue Jan 25 17:51:34 CET 2005
Amon Ott wrote:
>> Is it hard to patch the kernel so that missing CAPs are logged by
>> RSBAC?
>
>> If the program that needs more CAPs doesn't output a useful error
>> message it is very hard to find out what's missing.
>
> It is either simple (change the capable() function), but produces
> tons of output and is thus useless,

That means you expect that (a lot of) programs try to do things they have
no capabilities for but work nonetheless?

> or it requires patches to all functions that check capabilities, which
> is a real lot of work and almost impossible to maintain.
>
> We can give the first option a try, though.
>
> But, again: The normal reason why a program only works in softmode,
> but does not produce RSBAC logging, are missing CAPs in the max_caps
> value.

Yes, but you still have to find out what is missing. Setting max_caps to
1..1 is not the best solution from a security point of view I guess :-)

Thomas