[rsbac] RC SCD 13 not working?

kang kang at rsbac.org
Fri Sep 29 16:54:05 CEST 2006


Andrea Pasquinucci wrote:
> I just noticed that on all my installations of rsbac_1.2.8 RC SCD 13 
> (firewall) does not work:
>
>> rc_get_item -p ROLE 2 type_comp_scd 13
> 0000000000000000000000000000000000000000100000001100000000000
>   GET_PERMISSIONS_DATA
>   GET_STATUS_DATA
>   READ_ATTRIBUTE
>
>> rc_get_item list_scd_types | grep 13
> 13 firewall
>
> but as root I can run iptables and change the firewall (and I checked 
> that bash is running with role 2). With the previous version of the kernel 
> it was not possible.
>
> I did not change the rsbac configuration, just upgraded the kernel.
>
> Everything else _seems_ to be working, but I did not check every rule I 
> have applied.
>
> Andrea
>
> PS. Could it be something with the kernel configuration? I did not 
> change that either, but...
>
>   
You're right, on 2.6 kernels the hook has been moved by an automatic
merge when they added 64-bit compatible calls.
This is now fixed in svn (will be released shortly in 1.2.9 and 1.3.0).

Thanks.

