[rsbac] GET_STATUS_DATA - SCD/other = NOT_GRANTED
Rafal Bisingier
ravbc at man.poznan.pl
Wed May 25 11:42:22 CEST 2005
On Wed, May 25, 2005 at 11:22:32AM +0200, Amon Ott wrote:
> On Mittwoch 25 Mai 2005 11:01, Rafal Bisingier wrote:
> > I have many entries in log like:
> > kern.info: rsbac_adf_request(): request GET_STATUS_DATA, pid 3218,
> > ppid 1542, prog_name clamd, prog_file /usr/sbin/clamd, uid 43,
> > audit_uid 43, target_type SCD, tid other, attr none, value none,
> > result NOT_GRANTED by JAIL
>
> This is a sysctl read access, which is denied by JAIL. This behaviour
> has been changed in 1.2.5-pre.
So is there any chance to resolve it in 1.2.4, or do I have to wait for
1.2.5 or switch of jail?
> > This one is about clamd and blocking module is JAIL, but I've seen
> > also other programs (mostly daemons, but also login, ps, bash, tail)
> > with the same target/request but blocked by RC or ACL
>
> Before 1.2.4-bf2 read access to sysctl was completely unchecked. You
> can enable this access in RC and ACL where required.
>
> 1.2.5-pre adds a new SCD target sysctl for this purpose, but I did not
> want to add new targets in a 1.2.4 bugfix.
Is there any expected release time for 1.2.5?
--
Greetings
Rafal Bisingier
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://rsbac.dyndns.org/pipermail/rsbac/attachments/20050525/d950edab/attachment.bin
More information about the rsbac
mailing list