[rsbac] 1.2.4 & UNIX STREAM

Amon Ott ott at compuniverse.de
Tue Mar 15 09:38:37 CET 2005


On Tuesday, 15 March 2005 09:02 quoth Andrea Pasquinucci:
> I have just switched to 1.2.4 and I get zillions of messages like
>
> kernel: rsbac_adf_request(): request RECEIVE, pid 7815, ppid 1,
> prog_name upsd, prog_file /usr/sbin/upsd, uid 57, audit_uid 500,
> target_type NETOBJ, tid c33d4680 UNIX STREAM, attr none, value none,
> result NOT_GRANTED (Softmode) by RC
>
> Is there a quick way of allowing everybody to use UNIX STREAM,
> without using rsbac_menus? Thanks

Taken from http://rsbac.org/documentation/upgrading.php#v1.2.4:

# RC: With option "RC check access to UNIX partner process": Add CONNECT, 
ACCEPT, SEND and RECEIVE rights for all roles to PROCESS types as required - 
the log will tell you (rsbac_rc_role_menu).

Basically, with this option you need additional rights to a target process to 
be allowed to communicate.

This script will grant these rights for all role and process type 
combinations:

for role in $(rc_get_item list_role_nr)
do
  for type in $(rc_get_item list_process_type_nr)
  do
    rc_set_item -a ROLE $role type_comp_process $type \
      CONNECT ACCEPT SEND RECEIVE
  done
done

Better use "rc_get_item backup" before that to have a backup of your previous 
RC settings.

Amon.
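
Added example (not part of the original message and not one of the RSBAC tools): the upgrade note says the log tells you which rights are required, so this shell function tallies RC denials on NETOBJ targets per program, uid and request type. The function names and the sample log lines are constructed, following the log format quoted above.

```shell
#!/bin/sh
# Added example: summarise RC denials on NETOBJ targets from kernel log lines,
# to see which programs need which of CONNECT/ACCEPT/SEND/RECEIVE.

# Constructed sample input, modelled on the log line quoted in the message.
sample_log() {
  cat <<'EOF'
Mar 15 09:00:01 host kernel: rsbac_adf_request(): request RECEIVE, pid 7815, ppid 1, prog_name upsd, prog_file /usr/sbin/upsd, uid 57, audit_uid 500, target_type NETOBJ, tid c33d4680 UNIX STREAM, attr none, value none, result NOT_GRANTED (Softmode) by RC
Mar 15 09:00:02 host kernel: rsbac_adf_request(): request RECEIVE, pid 7816, ppid 1, prog_name upsd, prog_file /usr/sbin/upsd, uid 57, audit_uid 500, target_type NETOBJ, tid c33d4680 UNIX STREAM, attr none, value none, result NOT_GRANTED (Softmode) by RC
Mar 15 09:00:03 host kernel: rsbac_adf_request(): request SEND, pid 7815, ppid 1, prog_name upsd, prog_file /usr/sbin/upsd, uid 57, audit_uid 500, target_type NETOBJ, tid c33d4680 UNIX STREAM, attr none, value none, result NOT_GRANTED (Softmode) by RC
Mar 15 09:00:04 host kernel: unrelated constructed line
EOF
}

# Reads log lines on stdin, prints "count prog_file uid=N request",
# most frequent first. Only lines decided by RC are counted.
summarize_rc_denials() {
  awk '
    /rsbac_adf_request\(\): request / && /target_type NETOBJ/ &&
    /result NOT_GRANTED/ && / by RC/ {
      req = prog = uid = ""
      for (i = 1; i < NF; i++) {
        v = $(i + 1)
        sub(/,$/, "", v)                 # strip the trailing comma
        if ($i == "request" && req == "") req = v
        else if ($i == "prog_file") prog = v
        else if ($i == "uid") uid = v    # "audit_uid" is a different token
      }
      n[prog " uid=" uid " " req]++
    }
    END { for (k in n) print n[k], k }
  ' | sort -k1,1nr -k2
}

# Stand-alone run on the constructed sample; on a real system, feed it the
# kernel log instead (log file location varies by distribution).
sample_log | summarize_rc_denials
```

Run in soft mode, the summary shows which programs actually use which requests, which helps when granting rights per role "as required" instead of to every role and process type combination.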

