[rsbac] Can't manage to authorize IPC RECEIVE in RC module
Colin Pitrat
colin.pitrat at bull.net
Tue Nov 28 12:14:33 CET 2006
Hello,
I'm currently running in softmode with rsbac 1.3.0, and I get the
following line in /var/log/messages.log :
rsbac_adf_request(): request RECEIVE, pid 1820, ppid 1, prog_name
syslog-ng, prog_file /usr/sbin/syslog-ng, uid 0, target_type IPC, tid
AnonUnix-ID 29332, attr process, value 21770, result NOT_GRANTED
(Softmode) by RC
I tried to set RECEIVE for the IPC type I supposed to be concerned for
the supposed role, but it didn't work. So I tried to turn it on for
every IPC type for every role (yeah I know, but I'm just testing for now
;) ) and it still doesn't work. What did I do wrong ?
Here are some command I thought could be useful :
# attr_get_fd RC FILE rc_force_role /usr/sbin/syslog-ng
/usr/sbin/syslog-ng: Returned value: 0
# attr_get_fd RC FILE rc_initial_role /usr/sbin/syslog-ng
/usr/sbin/syslog-ng: Returned value: 0
# rc_get_item list_ipc_types
0 General_IPC
1 Security_IPC
2 System_IPC
# for i in `seq 0 2`; do rc_get_item ROLE 0 type_comp_ipc 0 RECEIVE; done
1
1
1
--
Colin Pitrat (Bull Services Telco)
Bull, Architect of an Open World (TM)
Tél : +33 (0) 1 30 80 72 93
www.bull.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: colin.pitrat.vcf
Type: text/x-vcard
Size: 247 bytes
Desc: not available
Url : http://www.rsbac.org/pipermail/rsbac/attachments/20061128/4bf3ee7d/attachment.vcf
More information about the rsbac
mailing list