[rsbac] Re: Missing CAPs are not logged
Amon Ott
ao at rsbac.org
Fri Jan 28 16:55:39 CET 2005
On Tuesday 25 January 2005 17:51, Thomas Mueller wrote:
> Amon Ott wrote:
> >> Is it hard to patch the kernel so that missing CAPs are logged by
> >> RSBAC?
> >
> >> If the program that needs more CAPs doesn't output a useful error
> >> message it is very hard to find out what's missing.
> >
> > It is either simple (change the capable() function), but produces
> > tons of output and is thus useless,
>
> That means you expect that (lot of) programs try to do things they have
> no capabilities for but work nonetheless?
I have added such a CAP module option, which logs all failed capable()
checks. Only exception: CAP_SYS_ADMIN with 2.6 kernels, this produces
too much noise.
The new code is in the subversion repository.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22