[rsbac] Re: Missing CAPs are not logged

Amon Ott ao at rsbac.org
Fri Jan 28 16:55:39 CET 2005

On Dienstag 25 Januar 2005 17:51, Thomas Mueller wrote:
> Amon Ott wrote:
> >> Is it hard to patch the kernel so that missing CAPs are logged by 
> >> RSBAC?
> > 
> >> If the program that needs more CAPs doesn't output a useful error 
> >> message it is very hard to find out what's missing.
> > 
> > It is either simple (change the capable() function), but produces
> > tons of output and is thus useless,
> That means you expect that (lot of) programs try to do things they 
> no capabilities for but work nonetheless?
I have added such a CAP module option, which logs all failed capable() 
checks. Only exception: CAP_SYS_ADMIN with 2.6 kernels, this produces 
too much noise.

The new code is in the subversion repository.

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
-------------- nächster Teil --------------
Ein Dateianhang mit Bin?rdaten wurde geschreddert...
Dateiname   : nicht verf?gbar
Dateityp    : application/pgp-signature
Dateigr??e  : 189 bytes
Beschreibung: nicht verf?gbar
URL         : http://www.rsbac.org/pipermail/rsbac/attachments/20050128/19c1aa0e/attachment.bin

More information about the rsbac mailing list