Re: syslog-ng


From: Amon Ott <ao@rsbac.org>
Subject: Re: syslog-ng
Date: Wed, 28 Mar 2001 10:31:27 +0200



On Sun, 25 Mar 2001 Bencsath Boldizsar wrote:
> I've tried rsbac1.1.1 on a machine with syslog-ng that failed to start.
> Normal syslog works well.
> syslogd does:
> [pid 15225] socket(PF_UNIX, SOCK_STREAM, 0) = 0
> [pid 15225] bind(0, {sin_family=AF_UNIX, path="/dev/log"}, 10) = 0
> and it's ok, while syslog-ng does:
> [pid 15229] socket(PF_UNIX, SOCK_STREAM, 0) = 4
> [pid 15229] bind(4, {sin_family=AF_UNIX,
> path="                                                                                                    /dev/log"},
> 110) = -1 EPERM (Operation not permitted)
> (who knows why the path is so long?)
> 
> rsbac_remove_target(): Removing file/dir/fifo ACI
> rsbac_set_attr(): ipc item added.
> rsbac_set_attr(): process item added.
> rsbac_set_attr(): process item added.
> rsbac_set_attr(): process item added.
> rsbac_set_attr(): process item added.
> rsbac_set_attr(): ipc item added.
> rsbac_set_attr(): ipc item added.
> rsbac_remove_target(): Removing file/dir/fifo ACI
> rsbac_adf_request_rc(): rsbac_get_attr() returned error -1017!
> rsbac_adf_request(): request READ_WRITE_OPEN, caller_pid 15178,
> caller_prog_name syslog-ng, caller_uid 0, target-type IPC, tid ???-ID
> 134521203, attr sockaddr, value 3371081424, result NOT_GRANTED by RC
> rsbac_remove_target(): Removing ipc ACI
> rsbac_remove_target(): Removing ipc ACI
> rsbac_set_attr(): process item added.
> 
> any little help what is happening?
> is the error
> rsbac_adf_request_rc(): rsbac_get_attr() returned error -1017! 
> a "user error" or shows an rsbac problem?

The IPC id is clearly wrong, as you can see by the ???-ID part. Still, the
sys_bind interception looks fine.

I will test syslog-ng soon, maybe I can reproduce the error.

> (I think if the second, then it could be really great to users to get
> points when should one report something on the list, and when is it an
> RTFM-like problem ;-) )

Whenever you get a message like rsbac_get_attr returned error xy and you are
not in soft mode, you can regard this as an error to be reported here. Any
error message that looks like an internal one should be reported.

> (another thing is that it could be very great to have a database or forum
> set up for notices against different programs/systems/packages with
> rsbac. So one could easily find info about setting up
> man, portmap, apache, proftpd, cron, ssh, ... some are simple, but there can be
> some problems too..)

I could set up a second mailing list rsbac-howto, where this could be discussed
separately. On the other hand, you could simply ask here.

The examples page is meant to be filled with all different sorts of examples
for more complex ideas. It is probably time to start a howto page that contains
help for single daemons.

Amon.