[rsbac] Process targets behaving strangely

Amon Ott ao at rsbac.org
Sat Sep 9 08:38:02 CEST 2006


On Friday 08 September 2006 23:45, Evan Speltz wrote:
> I have a role with def_process_create_type and def_process_execute_type
> set to a type which is not 0. However when I try to run a program in
> this role, I get this message:
> 
> rsbac_adf_request(): request MODIFY_SYSTEM_DATA, pid 9106, ppid 6995,
> prog_name bash, prog_file /bin/bash, uid 1001, remote ip 192.168.0.19,
> target_type PROCESS, tid 9106, attr none, value none, result NOT_GRANTED
> by RC
> 
> The only way to make it work is to allow MODIFY_SYSTEM_DATA for process
> type 0, even though none of the processes in question are of type 0 (I have
> checked to make sure of that). What is happening?

Can you please enable debug_adf_rc, e.g. as user 400
echo "debug_adf_rc 1" >/proc/rsbac-info/debug
and retry? It will show the roles and types involved.

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
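
Added example, not part of the original messages and not RSBAC code: a small Python parser for `rsbac_adf_request()` log lines in the layout quoted above, which lists NOT_GRANTED decisions per deciding module and marks requests a process makes against itself. It assumes fields are separated by ", " and that `tid` of a PROCESS target is a pid; every sample line except the first is constructed.

```python
import re
from collections import Counter

PREFIX = "rsbac_adf_request(): "
MULTIWORD_KEYS = ("remote ip",)  # field names that contain a space

# First entry: the message quoted in the thread, unwrapped.
# Remaining entries are constructed for illustration.
SAMPLE_LOG = [
    "rsbac_adf_request(): request MODIFY_SYSTEM_DATA, pid 9106, ppid 6995, "
    "prog_name bash, prog_file /bin/bash, uid 1001, remote ip 192.168.0.19, "
    "target_type PROCESS, tid 9106, attr none, value none, "
    "result NOT_GRANTED by RC",
    "Sep  9 08:40:01 host kernel: rsbac_adf_request(): request SEND_SIGNAL, "
    "pid 9300, ppid 6995, prog_name bash, prog_file /bin/bash, uid 1001, "
    "remote ip 192.168.0.19, target_type PROCESS, tid 9106, attr none, "
    "value none, result NOT_GRANTED by RC",
    "Sep  9 08:40:02 host kernel: eth0: link up",
]

def parse_adf_line(line):
    """Return the fields of one ADF log line as a dict, or None if unrelated."""
    start = line.find(PREFIX)
    if start < 0:
        return None
    fields = {}
    for part in re.split(r",\s+", line[start + len(PREFIX):].strip()):
        key = next((k for k in MULTIWORD_KEYS if part.startswith(k + " ")), None)
        if key is None:
            key, _, value = part.partition(" ")
        else:
            value = part[len(key) + 1:]
        fields[key.replace(" ", "_")] = value
    # "result NOT_GRANTED by RC" holds both the decision and the module.
    result, _, module = fields.get("result", "").partition(" by ")
    fields["result"], fields["module"] = result, module or None
    return fields

def denials(lines):
    """Parsed NOT_GRANTED entries, each with a self_target flag added."""
    out = []
    for f in filter(None, map(parse_adf_line, lines)):
        if f["result"] == "NOT_GRANTED":
            f["self_target"] = (f.get("target_type") == "PROCESS"
                                and f.get("tid") == f.get("pid"))
            out.append(f)
    return out

def summarize(lines):
    """Count denials per (module, request, target_type)."""
    return Counter((f["module"], f.get("request"), f.get("target_type"))
                   for f in denials(lines))
```

Run over the quoted line, the parser shows `pid` and `tid` are both 9106, so the denied request is one the process issued against itself.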

