[rsbac] Can't manage to authorize IPC RECEIVE in RC module
Colin Pitrat
colin.pitrat at bull.net
Tue Nov 28 14:25:35 CET 2006
Thanks, the debug_adf_rc tip is really helpful! I didn't know it.
Thanks to it, I managed to make it work.
Colin Pitrat (Bull Services Telco)
Bull, Architect of an Open World (TM)
Tél : +33 (0) 1 30 80 72 93
www.bull.com
Amon Ott wrote:
> On Tuesday 28 November 2006 12:14, Colin Pitrat wrote:
>> I'm currently running in softmode with rsbac 1.3.0, and I get the
>> following line in /var/log/messages.log:
>>
>> rsbac_adf_request(): request RECEIVE, pid 1820, ppid 1, prog_name
>> syslog-ng, prog_file /usr/sbin/syslog-ng, uid 0, target_type IPC, tid
>> AnonUnix-ID 29332, attr process, value 21770, result NOT_GRANTED
>> (Softmode) by RC
>>
>> I tried to set RECEIVE for the IPC type I supposed to be concerned for
>> the supposed role, but it didn't work. So I tried to turn it on for
>> every IPC type for every role (yeah I know, but I'm just testing for now
>> ;) ) and it still doesn't work. What did I do wrong?
>
> Did you enable partner process checking in kernel config?
> "RC check access to UNIX partner process".
> If yes, there is an additional check against the partner process RC
> type.
>
> Please enable RC debugging as secoff with
> echo debug_adf_rc 1 >/proc/rsbac-info/debug
> to see which roles and types are involved. You can also use
> rsbac_debug_adf_rc kernel parameter.
>
> Amon.
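
An added example, not part of the original thread or of the RSBAC tools: a small Python parser for the `rsbac_adf_request()` line quoted above. It groups softmode `NOT_GRANTED` decisions by module, request, target type and program, so you can see which rights a policy still lacks. The field layout is inferred from that single line, and the handling of several deciding modules is an assumption.

```python
import re
from collections import Counter

# The log line quoted in the message above, rejoined onto one line.
SAMPLE = (
    "rsbac_adf_request(): request RECEIVE, pid 1820, ppid 1, prog_name "
    "syslog-ng, prog_file /usr/sbin/syslog-ng, uid 0, target_type IPC, tid "
    "AnonUnix-ID 29332, attr process, value 21770, result NOT_GRANTED "
    "(Softmode) by RC"
)

# Field order is taken from that one line; other RSBAC versions may differ.
LINE_RE = re.compile(
    r"rsbac_adf_request\(\): request (?P<request>\S+), pid (?P<pid>\d+), "
    r"ppid (?P<ppid>\d+), prog_name (?P<prog_name>.+?), "
    r"prog_file (?P<prog_file>.+?), uid (?P<uid>\d+), "
    r"target_type (?P<target_type>\S+), tid (?P<tid>.+?), "
    r"attr (?P<attr>\S+), value (?P<value>\S+), "
    r"result (?P<result>\S+)(?P<softmode> \(Softmode\))? by (?P<modules>.+)$"
)

def parse_adf_line(line):
    """Return the fields of one rsbac_adf_request() line, or None if no match."""
    m = LINE_RE.search(" ".join(line.split()))  # tolerate wrapped lines
    if not m:
        return None
    rec = m.groupdict()
    rec["softmode"] = rec["softmode"] is not None
    # Assumption: several deciding modules would be space-separated.
    rec["modules"] = rec["modules"].split()
    return rec

def summarize_denials(lines):
    """Count NOT_GRANTED results per (module, request, target_type, prog_file)."""
    counts = Counter()
    for line in lines:
        rec = parse_adf_line(line)
        if rec and rec["result"] == "NOT_GRANTED":
            for mod in rec["modules"]:
                key = (mod, rec["request"], rec["target_type"], rec["prog_file"])
                counts[key] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize_denials([SAMPLE]).items():
        print(n, *key)
```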