Rafal Bisingier ravbc at man.poznan.pl
Wed May 25 11:42:22 CEST 2005

On Wed, May 25, 2005 at 11:22:32AM +0200, Amon Ott wrote:
> On Mittwoch 25 Mai 2005 11:01, Rafal Bisingier wrote:
> > I have many entries in log like:
> > kern.info: rsbac_adf_request(): request GET_STATUS_DATA, pid 3218, 
> > ppid 1542, prog_name clamd, prog_file /usr/sbin/clamd, uid 43,
> > audit_uid 43, target_type SCD, tid other, attr none, value none,
> > result NOT_GRANTED by JAIL
> This is a sysctl read access, which is denied by JAIL. This behaviour 
> has been changed in 1.2.5-pre.

So is there any chance to resolve it in 1.2.4, or do I have to wait for
1.2.5 or switch of jail?

> > This one is about clamd and blocking module is JAIL, but I've seen 
> > also other programs (mostly daemons, but also login, ps, bash, tail)
> > with the same target/request but blocked by RC or ACL
> Before 1.2.4-bf2 read access to sysctl was completely unchecked. You 
> can enable this access in RC and ACL where required.
> 1.2.5-pre adds a new SCD target sysctl for this purpose, but I did not 
> want to add new targets in a 1.2.4 bugfix.

Is there any expected release time for 1.2.5?

Rafal Bisingier
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://rsbac.dyndns.org/pipermail/rsbac/attachments/20050525/d950edab/attachment.bin

More information about the rsbac mailing list