[rsbac] rsbac_jail ipc problem
Thomas Mueller
news-exp-jul05 at tmueller.com
Thu Jul 7 14:50:56 CEST 2005
Hi,

I have an rsbac_jail with hammerhead, an HTTP server stress test program.
When a user logs in I call sudo to start the jail where I use su to
switch back to the user (sounds weird but works great :) ):

sudo ${JAIL} -l -i -r -a -R /var/local/home/chroot/ -I ${FORCEIP} -C ${FORCECAP} /bin/su - $USER

The problem is that hammerhead doesn't work without -i:

Jul 7 11:02:48 geht-schon kernel: rsbac_adf_request(): request READ_WRITE_OPEN, pid 29705, ppid 26372, prog_name hammerhead, prog_file /var//local/home/chroot/usr/bin/hammerhead, uid 20001, audit_uid 20001, target_type IPC, tid Shm-ID 524293, attr none, value none, result NOT_GRANTED by JAIL

The only IPC that makes sense is between hammerhead children, so this is
within the jail and '-i' shouldn't be required? Is it possible that
rsbac_jail misdetects the IPC as going outside?

I use kernel 2.6.11.10 with rsbac 1.2.4.

Thanks,
Thomas
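
A small parser for the denial record quoted above, as an added example that is not part of the original post or of RSBAC: it rejoins mail-wrapped lines, splits the `key value` fields and counts JAIL denials on IPC targets per program, which helps when reviewing which IPC objects a jailed program touches. The field layout is assumed from the single record in the post; the second record and the `eth0` line in the sample are constructed.

```python
import re
from collections import Counter

TS = re.compile(r"^[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} ")  # syslog timestamp
MARK = "rsbac_adf_request(): "
# Constructed sample: the post's denial as the mail wrapped it, a constructed
# second denial modelled on it (new pid/ppid), and an unrelated kernel line.
SAMPLE = """\
Jul 7 11:02:48 geht-schon kernel: rsbac_adf_request(): request
READ_WRITE_OPEN, pid 29705, ppid 26372, prog_name hammerhead, prog_file
/var//local/home/chroot/usr/bin/hammerhead, uid 20001, audit_uid 20001,
target_type IPC, tid Shm-ID 524293, attr none, value none, result
NOT_GRANTED by JAIL
Jul 7 11:02:49 geht-schon kernel: rsbac_adf_request(): request READ_WRITE_OPEN, pid 29706, ppid 29705, prog_name hammerhead, prog_file /var//local/home/chroot/usr/bin/hammerhead, uid 20001, audit_uid 20001, target_type IPC, tid Shm-ID 524293, attr none, value none, result NOT_GRANTED by JAIL
Jul 7 11:02:50 geht-schon kernel: eth0: link up
"""

def unwrap(text):
    """Rejoin mail-wrapped records: a line without a timestamp continues the last one."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if TS.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def parse(record):
    """Return the fields of one rsbac_adf_request record as a dict, else None."""
    _, found, body = record.partition(MARK)
    if not found:
        return None
    # Assumes no field value contains ", " (true for the record in the post).
    fields = dict(item.partition(" ")[::2] for item in body.split(", "))
    # "NOT_GRANTED by JAIL" -> decision and the module that decided
    fields["result"], _, fields["module"] = fields.get("result", "").partition(" by ")
    return fields

def jail_ipc_denials(text):
    """Count JAIL denials on IPC targets per (program, request, IPC kind)."""
    counts = Counter()
    for f in filter(None, map(parse, unwrap(text))):
        if (f["result"], f["module"], f.get("target_type")) == ("NOT_GRANTED", "JAIL", "IPC"):
            kind = f.get("tid", "").split(" ")[0]  # "Shm-ID" in the post's record
            counts[(f.get("prog_name"), f.get("request"), kind)] += 1
    return counts
```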