[rsbac] Process targets behaving strangely
Evan Speltz
saturn at nameless.mine.nu
Sun Sep 10 03:48:26 CEST 2006
On Sat, 2006-09-09 at 08:38 +0200, Amon Ott wrote:
> On Freitag 08 September 2006 23:45, Evan Speltz wrote:
> > I have a role with def_process_create_type and def_process_execute_type
> > set to a type which is not 0. However when I try to run a program in
> > this role, I get this message:
> >
> > rsbac_adf_request(): request MODIFY_SYSTEM_DATA, pid 9106, ppid 6995,
> > prog_name bash, prog_file /bin/bash, uid 1001, remote ip 192.168.0.19,
> > target_type PROCESS, tid 9106, attr none, value none, result NOT_GRANTED
> > by RC
> >
> > The only way to make it work is to allow MODIFY_SYSTEM_DATA for process
> > type 0, even though none of the processes in question are of type 0 (I have
> > checked to make sure of that). What is happening?
>
> Can you please enable debug_adf_rc, e.g. as user 400
> echo "debug_adf_rc 1" >/proc/rsbac-info/debug
> and retry? It will show the roles and types involved.
>
> Amon.
Sure.
Sat Sep 9 20:43:19 2006 :<7>0000000083|check_comp_rc(): pid 1771 (bash), owner 1001, rc_role 200, PROCESS rc_type 0, request MODIFY_SYSTEM_DATA -> NOT_GRANTED!
Sat Sep 9 20:43:19 2006 :<6>0000000084|rsbac_adf_request(): request MODIFY_SYSTEM_DATA, pid 1771, ppid 1770, prog_name bash, prog_file /bin/bash, uid 1001, remote ip 192.168.0.19, target_type PROCESS, tid 1809, attr none, value none, result NOT_GRANTED by RC
However, when I look at the process from rsbac_menu, it is type 8, as it
should be.
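
Added example, not part of the original post or of RSBAC: a small Python script that pairs each rsbac_adf_request() denial by RC with the check_comp_rc() debug line for the same pid and request, so the role, the rc_type that RC evaluated and the target id can be read side by side. The function name correlate and the regular expressions are assumptions written against the two log lines quoted above.

```python
import re

# Patterns written against the two line formats quoted in this thread;
# other RSBAC versions may format these messages differently (assumption).
COMP_RE = re.compile(
    r"check_comp_rc\(\): pid (?P<pid>\d+) \((?P<prog>[^)]*)\), owner (?P<owner>\d+), "
    r"rc_role (?P<role>\d+), (?P<target_type>\w+) rc_type (?P<rc_type>\d+), "
    r"request (?P<request>\w+) -> (?P<result>\w+)")
ADF_RE = re.compile(
    r"rsbac_adf_request\(\): request (?P<request>\w+), pid (?P<pid>\d+), "
    r"ppid (?P<ppid>\d+), .*?target_type (?P<target_type>\w+), tid (?P<tid>[^,]+), "
    r".*?result (?P<result>\w+) by (?P<module>\w+)")

# Sample input: the two log lines from the post, with the mail wrapping undone.
SAMPLE = [
    "Sat Sep 9 20:43:19 2006 :<7>0000000083|check_comp_rc(): pid 1771 "
    "(bash), owner 1001, rc_role 200, PROCESS rc_type 0, request "
    "MODIFY_SYSTEM_DATA -> NOT_GRANTED!",
    "Sat Sep 9 20:43:19 2006 :<6>0000000084|rsbac_adf_request(): request "
    "MODIFY_SYSTEM_DATA, pid 1771, ppid 1770, prog_name bash, "
    "prog_file /bin/bash, uid 1001, remote ip 192.168.0.19, target_type "
    "PROCESS, tid 1809, attr none, value none, result NOT_GRANTED by RC",
]

def correlate(lines):
    """Pair each RC denial with the check_comp_rc debug line that precedes it."""
    pending = {}   # (pid, request, target_type) -> fields of last debug line
    denials = []
    for line in lines:
        m = COMP_RE.search(line)
        if m:
            pending[(m["pid"], m["request"], m["target_type"])] = m.groupdict()
            continue
        m = ADF_RE.search(line)
        if not m or m["result"] != "NOT_GRANTED" or m["module"] != "RC":
            continue
        comp = pending.pop((m["pid"], m["request"], m["target_type"]), None)
        denials.append({
            "request": m["request"],
            "pid": int(m["pid"]),          # process that issued the request
            "tid": m["tid"],               # id of the target of the request
            "rc_role": int(comp["role"]) if comp else None,
            "rc_type": int(comp["rc_type"]) if comp else None,
            "target_is_caller": m["target_type"] == "PROCESS" and m["tid"] == m["pid"],
        })
    return denials

if __name__ == "__main__":
    print(*correlate(SAMPLE), sep="\n")
```

Denials logged without debug_adf_rc enabled come back with rc_role and rc_type set to None, since no check_comp_rc() line precedes them.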