
Re: [Dazuko-help] compile problem


From: Benjamin Adler
Subject: Re: [Dazuko-help] compile problem
Date: Mon, 27 Sep 2004 13:18:08 +0200
User-agent: KMail/1.7

Hi John!

> I would recommend configuring RSBAC without the cache feature:
>
> [ ]   Cache scanning results
> (254)   Dazuko device major number

ok.

> Once you have the kernel built you still need to create the Dazuko device:
>
> # mknod -m 666 /dev/dazuko c 254 0

crw-rw-rw-  1 root root 254, 0 Sep 27  2004 /dev/dazuko

> Normally you would not want /dev/dazuko to have 666 permissions, but
> with RSBAC the access control is done differently. With RSBAC you have
> to mark the applications that are allowed to interact with Dazuko. You
> do this by running the administration program:
>
> $ rsbac_fd_menu example
>
> This will allow you to set the "example" binary to be a DAZ_scanner:
>
> DAZ Scanner:   1 / On

As secoff (uid 400), I used 
"rsbac_fd_menu /tmp/dazuko-2.0.4-pre2/example_c/example" to set DAZ Scanner 
to 1 / On, then said quit. Starting rsbac_fd_menu a second time showed the 
setting was saved.

> Once you have done all that, then you can run the example program. The
> example program checks to see if you are root. For RSBAC it is not
> necessary to be root, but since it is hard-coded in the example program,
> you will either have to remove the check from example.c or be root.

I removed the check, but it still won't work.

$ /tmp/dazuko-2.0.4-pre2/example_c/example
error: failed to register with Dazuko

# /tmp/dazuko-2.0.4-pre2/example_c/example
error: failed to register with Dazuko

To be honest, I don't really know my way around in rsbac. All these rsbac_* 
programs are new to me. I didn't even want all this security stuff, I just 
wanted a working file notification :) dmesg and /var/log/everything/current 
show me lots of lines like this:

Sep 27 13:12:00 [kernel] rsbac_adf_request(): request CHANGE_OWNER, pid 8587, 
ppid 8586, prog_name cron, uid 0, target_type PROCESS, tid 8587, attr owner, 
value 0, result NOT_GRANTED (Softmode) by AUTH

but "dmesg | grep example" or "grep example /var/log/everything/current" don't 
return anything.

I have currently put "rsbac_softmode" as a kernel parameter into my grub.conf, 
but it still won't work. rsbac_auth_learn won't help either.

I have tried to switch DAZ on in rsbac_menu -> Switch modules -> DAZ, but the 
mark disappears once I leave and restart rsbac_menu.

What can I try to get this working?

thanks!
Ben Adler
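
Added example, not part of the original message and not RSBAC or Dazuko code: a small Python parser for rsbac_adf_request() log lines in the format quoted above. It groups NOT_GRANTED decisions by program, deciding module and soft mode, so a log full of such lines can be summarised rather than grepped for one program name. The second and third log entries are constructed, and it is an assumption that an enforced denial simply lacks the "(Softmode)" marker.

```python
import re
from collections import Counter
# Constructed sample: entry 1 is the line quoted in the message (mail-wrapped);
# entries 2 and 3 are made up in the same format for illustration.
SAMPLE_LOG = """\
Sep 27 13:12:00 [kernel] rsbac_adf_request(): request CHANGE_OWNER, pid 8587,
ppid 8586, prog_name cron, uid 0, target_type PROCESS, tid 8587, attr owner,
value 0, result NOT_GRANTED (Softmode) by AUTH
Sep 27 13:12:05 [kernel] rsbac_adf_request(): request CHANGE_OWNER, pid 8601, ppid 8590, prog_name example, uid 400, target_type PROCESS, tid 8601, attr owner, value 0, result NOT_GRANTED by AUTH
Sep 27 13:12:09 [kernel] rsbac_adf_request(): request CHANGE_OWNER, pid 8610, ppid 8586, prog_name cron, uid 0, target_type PROCESS, tid 8610, attr owner, value 0, result NOT_GRANTED (Softmode) by AUTH
"""

TS = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} ")  # syslog timestamp
ENTRY = re.compile(
    r"rsbac_adf_request\(\): request (?P<request>\w+), (?P<fields>.*), "
    r"result (?P<result>\w+)(?P<soft> \(Softmode\))? by (?P<module>.+)$")

def unfold(text):
    """Join wrapped continuation lines back onto the entry they belong to."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if TS.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def parse(entry):
    """Return one decision as a dict, or None if the line is not an ADF request."""
    m = ENTRY.search(entry)
    if not m:
        return None
    rec = {"request": m["request"], "result": m["result"],
           "softmode": m["soft"] is not None, "module": m["module"].strip()}
    for pair in m["fields"].split(", "):  # "pid 8587", "prog_name cron", ...
        key, _, value = pair.partition(" ")
        rec[key] = value
    return rec

def denials(text, prog=None):
    """Count NOT_GRANTED decisions per (prog_name, module, request, softmode)."""
    counts = Counter()
    for rec in filter(None, map(parse, unfold(text))):
        if rec["result"] == "NOT_GRANTED" and prog in (None, rec.get("prog_name")):
            key = (rec.get("prog_name"), rec["module"], rec["request"], rec["softmode"])
            counts[key] += 1
    return counts

if __name__ == "__main__":
    print(denials(SAMPLE_LOG))
```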



