[rsbac] granting syslog-ng the right to access /proc/rsbac-info/rmsg

sftf at yandex.ru sftf at yandex.ru
Wed Jul 18 04:43:36 CEST 2007

Your "start a seperate syslog under secoff credentials" is WRONG IDEA!
In properly configured RSBAC no daemons must run with secoff privileges.
You should use RC model and should create role for init and grant
appropriate premissions to this role.

SS> Hi everybody...

SS> I'm trying to set /proc/rsbac-info/rmsg as a source for syslog-ng but I keep
SS> getting this error:

SS> <6>0000036345|rsbac_adf_request(): request GET_STATUS_DATA, pid 2218, ppid 1,
SS> prog_name syslog-ng, prog_file /usr/sbin/syslog-ng, uid 0, audit uid 400, remote
SS> ip, target_type SCD, tid rsbac_log, attr none, value none, result

SS> Now, I know you're supposed to run syslog-ng as a seperate user but I'd really
SS> like to stick with Gentoo's init architecture and I have no clue as to how to
SS> hack a script to start a seperate syslog under secoff credentials. The one point
SS> that irritates me is this: as root I can cat
SS> /proc/rsbac-info/rmsg without any 
SS> problems.

SS> Is there any way short of hacking the kernel sources to achieve this effect? Or
SS> is there a reliable way to filter everything that comes from RSBAC out of the
SS> Kernel messages?

SS> Thanks a lot,
SS> Sven
SS> _______________________________________________
SS> rsbac mailing list
SS> rsbac at rsbac.org
SS> http://www.rsbac.org/mailman/listinfo/rsbac

More information about the rsbac mailing list