[rsbac] granting syslog-ng the right to access /proc/rsbac-info/rmsg
sftf at yandex.ru
sftf at yandex.ru
Wed Jul 18 04:43:36 CEST 2007
Your "start a seperate syslog under secoff credentials" is WRONG IDEA!
In properly configured RSBAC no daemons must run with secoff privileges.
You should use RC model and should create role for init and grant
appropriate premissions to this role.
SS> Hi everybody...
SS> I'm trying to set /proc/rsbac-info/rmsg as a source for syslog-ng but I keep
SS> getting this error:
SS> <6>0000036345|rsbac_adf_request(): request GET_STATUS_DATA, pid 2218, ppid 1,
SS> prog_name syslog-ng, prog_file /usr/sbin/syslog-ng, uid 0, audit uid 400, remote
SS> ip 192.168.11.3, target_type SCD, tid rsbac_log, attr none, value none, result
SS> NOT_GRANTED (Softmode) by FF AUTH
SS> Now, I know you're supposed to run syslog-ng as a seperate user but I'd really
SS> like to stick with Gentoo's init architecture and I have no clue as to how to
SS> hack a script to start a seperate syslog under secoff credentials. The one point
SS> that irritates me is this: as root I can cat
SS> /proc/rsbac-info/rmsg without any
SS> problems.
SS> Is there any way short of hacking the kernel sources to achieve this effect? Or
SS> is there a reliable way to filter everything that comes from RSBAC out of the
SS> Kernel messages?
SS> Thanks a lot,
SS> Sven
SS> _______________________________________________
SS> rsbac mailing list
SS> rsbac at rsbac.org
SS> http://www.rsbac.org/mailman/listinfo/rsbac
More information about the rsbac
mailing list