[rsbac] rsbac_auditor_rol

Javier J. Martínez Cabezón tazok.id0 at gmail.com
Sat Jan 31 10:38:48 CET 2009

Hi, I have seen in the logs that access to GET_STATUS_DATA to SCD
target rsbac_log is denied by AUTH. As seen in the source code in
auth_main.c is hardcoded that only the roles of auditor or secoff has
this rights granted. I think it would be useful to have a switch in
the kernel that we could select the auditor role "number" (as the
secoff uid in .config) and not depend on name at first (if someone
create one role with the same name I think it could be dangerous). Now
I can make an rc_copy_rol from my syslog role (8)  to auditor one (3)
but I think that other solution could be more proper.

More information about the rsbac mailing list