[rsbac] Can't manage to authorize IPC RECEIVE in RC module
Amon Ott
ao at rsbac.org
Tue Nov 28 12:23:35 CET 2006
On Tuesday 28 November 2006 12:14, Colin Pitrat wrote:
> I'm currently running in softmode with rsbac 1.3.0, and I get the
> following line in /var/log/messages.log :
>
> rsbac_adf_request(): request RECEIVE, pid 1820, ppid 1, prog_name
> syslog-ng, prog_file /usr/sbin/syslog-ng, uid 0, target_type IPC, tid
> AnonUnix-ID 29332, attr process, value 21770, result NOT_GRANTED
> (Softmode) by RC
>
> I tried to set RECEIVE for the IPC type I supposed to be concerned for
> the supposed role, but it didn't work. So I tried to turn it on for
> every IPC type for every role (yeah I know, but I'm just testing for now
> ;) ) and it still doesn't work. What did I do wrong?

Did you enable partner process checking in kernel config?
"RC check access to UNIX partner process".
If yes, there is an additional check against the partner process RC type.

Please enable RC debugging as secoff with

    echo debug_adf_rc 1 >/proc/rsbac-info/debug

to see which roles and types are involved. You can also use
rsbac_debug_adf_rc kernel parameter.

Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
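
Added example (not part of the original message and not RSBAC project code): a small parser for the rsbac_adf_request() line quoted above that tallies which program/request/target combinations RC would deny once softmode is switched off. The field layout is assumed from that one quoted line; the syslog prefix and every sample line except the first are constructed.

```python
import re
from collections import Counter

# Layout assumed from the single log line quoted in the message above;
# other RSBAC versions may format the line differently.
ADF_RE = re.compile(r"rsbac_adf_request\(\): (?P<body>.*)$")
RESULT_RE = re.compile(
    r"^(?P<verdict>\S+)(?: \((?P<mode>[^)]+)\))?(?: by (?P<modules>.+))?$")

def parse_adf_line(line):
    """Return a dict of fields for one rsbac_adf_request() line, else None."""
    m = ADF_RE.search(line.strip())
    if not m:
        return None
    fields = {}
    # Fields are "key value" pairs separated by ", "; a value may contain
    # spaces (e.g. "tid AnonUnix-ID 29332"), so split on the first space only.
    for part in m.group("body").split(", "):
        key, _, value = part.partition(" ")
        fields[key] = value
    r = RESULT_RE.match(fields.get("result", ""))
    if not r:
        return None
    fields["verdict"] = r.group("verdict")
    fields["softmode"] = r.group("mode") == "Softmode"
    fields["modules"] = (r.group("modules") or "").split()
    return fields

def softmode_denials(lines, module="RC"):
    """Count (prog_file, request, target_type) denied by `module` in softmode."""
    counts = Counter()
    for line in lines:
        f = parse_adf_line(line)
        if (f and f["verdict"] == "NOT_GRANTED" and f["softmode"]
                and module in f["modules"]):
            counts[(f.get("prog_file"), f.get("request"),
                    f.get("target_type"))] += 1
    return counts

SAMPLE_LOG = [
    # First entry: the line from the message, unwrapped onto one line.
    "rsbac_adf_request(): request RECEIVE, pid 1820, ppid 1, prog_name syslog-ng, prog_file /usr/sbin/syslog-ng, uid 0, target_type IPC, tid AnonUnix-ID 29332, attr process, value 21770, result NOT_GRANTED (Softmode) by RC",
    # Constructed: same layout with a syslog prefix and different ids.
    "Nov 28 12:15:02 host kernel: rsbac_adf_request(): request RECEIVE, pid 1820, ppid 1, prog_name syslog-ng, prog_file /usr/sbin/syslog-ng, uid 0, target_type IPC, tid AnonUnix-ID 29340, attr process, value 21802, result NOT_GRANTED (Softmode) by RC",
    # Constructed: unrelated kernel message that must be skipped.
    "Nov 28 12:15:03 host kernel: eth0: link up",
]

if __name__ == "__main__":
    for key, n in softmode_denials(SAMPLE_LOG).most_common():
        print(n, *key)
```

Repeated entries for the same program, request and target type point at one missing RC right, so the tally shows which role/type pairs to look up in the debug_adf_rc output.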