[rsbac] granting syslog-ng the right to access /proc/rsbac-info/rmsg
Sven Seeland
sven.seeland at gmx.de
Tue Jul 17 15:24:19 CEST 2007
Hi everybody...
I'm trying to set /proc/rsbac-info/rmsg as a source for syslog-ng but I keep
getting this error:
<6>0000036345|rsbac_adf_request(): request GET_STATUS_DATA, pid 2218, ppid 1,
prog_name syslog-ng, prog_file /usr/sbin/syslog-ng, uid 0, audit uid 400, remote
ip 192.168.11.3, target_type SCD, tid rsbac_log, attr none, value none, result
NOT_GRANTED (Softmode) by FF AUTH
Now, I know you're supposed to run syslog-ng as a seperate user but I'd really
like to stick with Gentoo's init architecture and I have no clue as to how to
hack a script to start a seperate syslog under secoff credentials. The one point
that irritates me is this: as root I can cat /proc/rsbac-info/rmsg without any
problems.
Is there any way short of hacking the kernel sources to achieve this effect? Or
is there a reliable way to filter everything that comes from RSBAC out of the
Kernel messages?
Thanks a lot,
Sven
More information about the rsbac
mailing list