From: steve <steve@clublinux.org>
Subject: Roles question
Date: Thu, 26 Jul 2001 22:17:15 -0500
Next Article (by Subject): RE: Roles question "Kaladis"
Previous Article (by Subject): Re: Re[8]: RSBAC v1.1.1 problem Amon Ott
Next in Thread: RE: Roles question "Kaladis"
Articles sorted by: [Date]
[Author]
[Subject]
Hi, I'm trying configure qmail under rsbac. I've created a role called 'qmail' that I've given full access to /var/qmail (the location where all qmail processing occurs). I've then set all of the qmail programs (e.g. qmail-stat, qmail-send, etc.) to force RC 'qmail'. However, it fails due to the following error message: /bin/sh: error while loading shared libraries: /lib/libsafe.so.1.3: cannot open shared object file: Operation not permitted and the corresponding rsbac violation message is: Jul 26 17:03:13 localhost kernel: rsbac_adf_request(): request SEARCH, caller_pid 7932, caller_prog_name qmail-qstat, caller_uid 0, target-type DIR, tid Device 8:10 Inode 2 Path /, attr none, value 0, result NOT_GRANTED by RC The rsbac violation message explains the first error message. Nothing special there. But what I can't figure out is why the qmail-qstat program doesn't have "SEARCH" rights on /. I've even tried giving the RC ROLE 'qmail' full rights to /, and it didn't work. My goal is to only allow the qmail programs to operate within /var/qmail and have read access to the few libraries they need outside of /var/qmail. I'm sure I'm missing something obvious, but I don't see it yet. TIA, STeve - To unsubscribe from the rsbac list, send a mail to majordomo@rsbac.org with unsubscribe rsbac as single line in the body.
Next Article (by Subject): RE: Roles question "Kaladis"
Previous Article (by Subject): Re: Re[8]: RSBAC v1.1.1 problem Amon Ott
Next in Thread: RE: Roles question "Kaladis"
Articles sorted by: [Date]
[Author]
[Subject]