[rsbac] Can't manage to authorize IPC RECEIVE in RC module

Colin Pitrat colin.pitrat at bull.net
Tue Nov 28 12:14:33 CET 2006


Hello,
I'm currently running in softmode with rsbac 1.3.0, and I get the 
following line in /var/log/messages.log:

rsbac_adf_request(): request RECEIVE, pid 1820, ppid 1, prog_name 
syslog-ng, prog_file /usr/sbin/syslog-ng, uid 0, target_type IPC, tid 
AnonUnix-ID 29332, attr process, value 21770, result NOT_GRANTED 
(Softmode) by RC

I tried to set RECEIVE for the IPC type I supposed to be the one concerned, 
for the supposed role, but it didn't work. So I tried to turn it on for 
every IPC type for every role (yeah I know, but I'm just testing for now 
;) ) and it still doesn't work. What did I do wrong?

Here are some commands I thought could be useful:

# attr_get_fd RC FILE rc_force_role /usr/sbin/syslog-ng
/usr/sbin/syslog-ng: Returned value: 0

# attr_get_fd RC FILE rc_initial_role /usr/sbin/syslog-ng
/usr/sbin/syslog-ng: Returned value: 0

# rc_get_item list_ipc_types
0 General_IPC
1 Security_IPC
2 System_IPC

# for i in `seq 0 2`; do rc_get_item ROLE 0 type_comp_ipc 0 RECEIVE; done
1
1
1

-- 
Colin Pitrat (Bull Services Telco)
Bull,  Architect of an Open World (TM)
Tél : +33 (0)  1 30 80 72 93
www.bull.com