[rsbac] rsbac_jail & postfix
Czako Krisztian
rsbac@rsbac.org
Fri Aug 23 13:22:01 2002
--KsGdsel6WgEHnImy
Content-Type: text/plain; charset=iso-8859-2
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, Aug 23, 2002 at 07:30:25AM +0200, Matthias J=E4nichen wrote:
> At 01:25 23.08.02 +0200, Deim Agoston wrote:
> >> Everybody went to holiday? :)
> >No, but I shall soon...
> Amon has just finished a private project and is is a bit short at time=20
> these days, but I will monitor the list and inform him if something sevre=
=20
> comes up. He promissed to answer all requests, but it may take some days.
Thanx. Nice to mail with myself :)
I try to solve my problem :)
It seems to be a bug in the jail, because JAIL rejects all unix domain bind
calls. I've tried nscd, mysqld and postfix.
RSBAC JAIL thinks it's a DIR CREATE call (case T_DIR at line 312 in
jail_main.c) and returns NOT_GRANTED. For testing, I've replaced this
NOT_GRANTED (line 312 in jail_main.c) with DO_NOT_CARE and unix socket bind
now works in the jail.
The compilation problem also seems to be a bug in the source. I think it's a
missing #ifdef. Something like this (NOTE THAT THIS PATCH NOT TESTED AT
ALL!):
--- linux.old/rsbac/adf/rc/rc_main.c Fri Aug 16 11:33:26 2002
+++ linux/rsbac/adf/rc/rc_main.c Thu Aug 22 17:08:43 2002
@@ -87,6 +87,7 @@
i_rc_item =3D RI_type_comp_nettemp;
i_attr =3D A_rc_type_nt;
break;
+#ifdef CONFIG_RSBAC_RC_NET_OBJ_PROT
case T_NETOBJ:
i_rc_item =3D RI_type_comp_netobj;
if(rsbac_net_remote_request(request))
@@ -94,6 +95,7 @@
else
i_attr =3D A_local_rc_type;
break;
+#endif
case T_USER:
return(NOT_GRANTED);
default:
Regards,
Slapic
--=20
Pilatus-Comp Ltd. HUNGARY * The Linux Expert * pilatuscomp@linux.co.hu
http://www.linux.co.hu * Phone: +36-1-2481816 * Fax: +36-1-2481817
--KsGdsel6WgEHnImy
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9ZhorCF6okiny5rwRAnjdAJsHnKg2serR5iTSJuVvR+zGafTNUQCfTP6z
fBaiPUkb3I20G1Wn6iadJnc=
=OMHc
-----END PGP SIGNATURE-----
--KsGdsel6WgEHnImy--