[rsbac] RSBAC 1.3.0 released
Bencsath Boldizsar
boldi at datacontact.hu
Fri Oct 27 00:57:21 CEST 2006
I tried 1.3.0 agains 2.6.18.1.
It seems to be fine, but I have a lot of RC NOT_GRANTED on different
PROCESS target calls, eg. GET_STATUS_DATA, MODIFY_SYSTEM_DATA
# ps
bash: child setpgid (346 to 346):
Operation not permitted
0000014707|rsbac_adf_request(): request MODIFY_SYSTEM_DATA, pid 346, ppid
3750, prog_name bash, prog_file /bin/bash, uid 0, audit uid 1000,
target_type PROCESS, tid 346, attr none, value none, result NOT_GRANTED by
RC
0000014708|rsbac_adf_request(): request GET_STATUS_DATA, pid 346, ppid
3750, prog_name ps, prog_file /bin/ps, uid 0, audit uid 1000, target_type
PROCESS, tid 346, attr none, value none, result NOT_GRANTED by RC
0000014709|rsbac_adf_request(): request GET_STATUS_DATA, pid 346, ppid
3750, prog_name ps, prog_file /bin/ps, uid 0, audit uid 1000, target_type
PROCESS, tid 346, attr none, value none, result NOT_GRANTED by RC
This is done by a special role, not standard root (== not system admin
role), and I already gave all the possible access rights to that role an
all process type.
Do You have any idea what to check?
boldi
More information about the rsbac
mailing list