[rsbac] 1.2.4 & UNIX STREAM
Amon Ott
ott at compuniverse.de
Tue Mar 15 09:38:37 CET 2005
On Tuesday, 15 March 2005 09:02 quoth Andrea Pasquinucci:
> I have just switched to 1.2.4 and I get zillions of messages like
>
> kernel: rsbac_adf_request(): request RECEIVE, pid 7815, ppid 1,
> prog_name upsd, prog_file /usr/sbin/upsd, uid 57, audit_uid 500,
> target_type NETOBJ, tid c33d4680 UNIX STREAM, attr none, value none,
> result NOT_GRANTED (Softmode) by RC
>
> Is there a quick way of allowing everybody to use UNIX STREAM,
> without using rsbac_menus? Thanks
Taken from http://rsbac.org/documentation/upgrading.php#v1.2.4:
# RC: With option "RC check access to UNIX partner process": Add CONNECT,
ACCEPT, SEND and RECEIVE rights for all roles to PROCESS types as required -
the log will tell you (rsbac_rc_role_menu).
Basically, with this option you need additional rights to a target process to
be allowed to communicate.
This script will grant these rights for all role and process type
combinations:
for role in $(rc_get_item list_role_nr)
do
    for type in $(rc_get_item list_process_type_nr)
    do
        rc_set_item -a ROLE "$role" type_comp_process "$type" \
            CONNECT ACCEPT SEND RECEIVE
    done
done
Better use "rc_get_item backup" before that to have a backup of your previous
RC settings.
Amon.
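
Added example, not part of the original post and not RSBAC's own code: the upgrade note says the log will tell you which rights are required, so this shell function tallies RC denials from log lines in the format quoted above, per request, target type and program. The sample lines are constructed, and matching on "by RC" follows the quoted message only.

```shell
#!/bin/sh
# Added example: tally RSBAC RC denials per request, target type and program.
# Field names follow the log message quoted in the post.

# Reads syslog lines on stdin; prints, most frequent first:
#   count <TAB> mode <TAB> request <TAB> target_type <TAB> prog_file <TAB> uid
summarize_rc_denials() {
    awk '
    # Text between prefix and the next comma (or end of line); "?" if absent.
    function field(line, prefix,    i, rest, j) {
        i = index(line, prefix)
        if (i == 0) return "?"
        rest = substr(line, i + length(prefix))
        j = index(rest, ",")
        return (j > 0) ? substr(rest, 1, j - 1) : rest
    }
    # Assumption: RC denials end in "result NOT_GRANTED ... by RC" as quoted.
    /rsbac_adf_request\(\): request / && /result NOT_GRANTED/ && / by RC/ {
        # Softmode denials are logged only; they are enforced once softmode is off.
        mode = ($0 ~ /\(Softmode\)/) ? "softmode" : "enforced"
        key = mode "\t" field($0, "): request ")
        key = key "\t" field($0, ", target_type ")
        key = key "\t" field($0, ", prog_file ")
        key = key "\t" field($0, ", uid ")
        count[key]++
    }
    END { for (k in count) printf "%d\t%s\n", count[k], k }
    ' | sort -rn
}

# Constructed sample input (one log message per line, as syslog writes it).
sample_log() {
    cat <<'EOF'
Mar 15 09:01:02 host kernel: rsbac_adf_request(): request RECEIVE, pid 7815, ppid 1, prog_name upsd, prog_file /usr/sbin/upsd, uid 57, audit_uid 500, target_type NETOBJ, tid c33d4680 UNIX STREAM, attr none, value none, result NOT_GRANTED (Softmode) by RC
Mar 15 09:01:03 host kernel: rsbac_adf_request(): request RECEIVE, pid 7816, ppid 1, prog_name upsd, prog_file /usr/sbin/upsd, uid 57, audit_uid 500, target_type NETOBJ, tid c33d4680 UNIX STREAM, attr none, value none, result NOT_GRANTED (Softmode) by RC
Mar 15 09:01:04 host kernel: rsbac_adf_request(): request SEND, pid 7815, ppid 1, prog_name upsd, prog_file /usr/sbin/upsd, uid 57, audit_uid 500, target_type NETOBJ, tid c33d4680 UNIX STREAM, attr none, value none, result NOT_GRANTED (Softmode) by RC
Mar 15 09:01:05 host kernel: rsbac_adf_request(): request CONNECT, pid 7815, ppid 1, prog_name upsd, prog_file /usr/sbin/upsd, uid 57, audit_uid 500, target_type NETOBJ, tid c33d4680 UNIX STREAM, attr none, value none, result GRANTED by RC
Mar 15 09:01:06 host kernel: eth0: link up
EOF
}

sample_log | summarize_rc_denials
```

On a real system, feed it the kernel log instead of `sample_log`; each output row is one program and request that still lacks an RC right.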