[rsbac] Process targets behaving strangely

Amon Ott ao at rsbac.org
Sat Sep 9 08:38:02 CEST 2006

On Freitag 08 September 2006 23:45, Evan Speltz wrote:
> I have a role with def_process_create_type and 
> set to a type which is not 0. However when I try to run a program in
> this role, I get this message:
> rsbac_adf_request(): request MODIFY_SYSTEM_DATA, pid 9106, ppid 
> prog_name bash, prog_file /bin/bash, uid 1001, remote ip,
> target_type PROCESS, tid 9106, attr none, value none, result 
> by RC
> The only way to make it work is to allow MODIFY_SYSTEM_DATA for 
> type 0, even though none of processes in question are of type 0 (I 
> checked to make sure of that). What is happening?

Can you please enable debug_adf_rc, e.g. as user 400
echo "debug_adf_rc 1" >/proc/rsbac-info/debug
and retry? It will show the roles and types involved.

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

More information about the rsbac mailing list