Jens Kasten | 27 Mar 2012 14:56

ACL learn, AUTH learn

Hi list,

Info:

rsbac_version 
Tools: 1.4.6, Kernel: 1.4.6, Tools-String: 1.4.6

uname -a
Linux jaschtschik-pc 3.2.12-rsbac-soft-4+ #1 SMP Mon Mar 26 00:41:32
CEST 2012 x86_64 Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz
GenuineIntel GNU/Linux

 
I have ACL learn and AUTH learn enabled in the rsbac kernel
configuration.
It is also enabled at runtime.

First I do "su - security" and get this:

<6>0000000712|rsbac_adf_request(): request AUTHENTICATE, pid 2747, ppid
2209, prog_name su, prog_file /bin/su, uid 1000, target_type USER, tid
400, attr none, value none, result NOT_GRANTED by ACL

When I do as security user:

	acl_grant USER 1000 AUTHENTICATE USER 400

and try again I can change to the user.
The ACL learn should apply this I think.



Re: ACL learn, AUTH learn


Everything learnt goes into transaction 0 if I'm not wrong, try this:
rsbac_list_ta commit 0

On 27/03/12 14:56, Jens Kasten wrote:
> Hi list,
> 
> Info:
> 
> rsbac_version 
> Tools: 1.4.6, Kernel: 1.4.6, Tools-String: 1.4.6
> 
> uname -a
> Linux jaschtschik-pc 3.2.12-rsbac-soft-4+ #1 SMP Mon Mar 26 00:41:32
> CEST 2012 x86_64 Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz
> GenuineIntel GNU/Linux
> 
>  
> I have ACL learn and AUTH learn enabled in the rsbac kernel
> configuration.
> It is also enabled at runtime.
> 
> First I do "su - security" and get this:
> 
> <6>0000000712|rsbac_adf_request(): request AUTHENTICATE, pid 2747, ppid
> 2209, prog_name su, prog_file /bin/su, uid 1000, target_type USER, tid
> 400, attr none, value none, result NOT_GRANTED by ACL
> 
> When I do as security user:
> 

Lorenzo Marcantonio | 27 Mar 2012 16:43

Re: ACL learn, AUTH learn

On Tue, Mar 27, 2012 at 04:26:32PM +0200, Javier Juan Martínez Cabezón wrote:

> Everything learnt goes into transaction 0 if I'm not wrong, try this:
> rsbac_list_ta commit 0

IIRC the 0 is for 'no transaction, do it now'... maybe he's trying one
of these things that aren't autolearnt...

-- 
Lorenzo Marcantonio
Logos Srl
_______________________________________________
rsbac mailing list
rsbac <at> rsbac.org
http://www.rsbac.org/mailman/listinfo/rsbac

Jens Kasten | 27 Mar 2012 23:40

Re: ACL learn, AUTH learn

No, this does not work.

<6>0000000843|rsbac_adf_request(): request AUTHENTICATE, pid 17532, ppid
5166, prog_name gnome-screensav,
prog_file /usr/libexec/gnome-screensaver-dialog, uid 1000, target_type
USER, tid 1000, attr none, value none, result NOT_GRANTED by ACL

ACL learn is enabled and no message about learning.

On Tuesday, 27.03.2012, 16:26 +0200, Javier Juan Martínez Cabezón wrote:
> 
> Everything learnt goes into transaction 0 if I'm not wrong, try this:
> rsbac_list_ta commit 0
> 
> 
> 
> 
> On 27/03/12 14:56, Jens Kasten wrote:
> > Hi list,
> > 
> > Info:
> > 
> > rsbac_version 
> > Tools: 1.4.6, Kernel: 1.4.6, Tools-String: 1.4.6
> > 
> > uname -a
> > Linux jaschtschik-pc 3.2.12-rsbac-soft-4+ #1 SMP Mon Mar 26 00:41:32
> > CEST 2012 x86_64 Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz
> > GenuineIntel GNU/Linux

Jens Kasten | 28 Mar 2012 14:57

Re: ACL learn, AUTH learn

BTW, I can log in from the locked screen.
Usually, ACL not AUTHENTICATE should deny it, not only print it in the
logfile.

On Tuesday, 27.03.2012, 23:40 +0200, Jens Kasten wrote:
> No, this does not work.
> 
> <6>0000000843|rsbac_adf_request(): request AUTHENTICATE, pid 17532, ppid
> 5166, prog_name gnome-screensav,
> prog_file /usr/libexec/gnome-screensaver-dialog, uid 1000, target_type
> USER, tid 1000, attr none, value none, result NOT_GRANTED by ACL
> 
> ACL learn is enabled and no message about learning.
> 
> On Tuesday, 27.03.2012, 16:26 +0200, Javier Juan Martínez Cabezón wrote:
> > 
> > Everything learnt goes into transaction 0 if I'm not wrong, try this:
> > rsbac_list_ta commit 0
> > 
> > 
> > 
> > 
> > On 27/03/12 14:56, Jens Kasten wrote:
> > > Hi list,
> > > 
> > > Info:
> > > 
> > > rsbac_version 
> > > Tools: 1.4.6, Kernel: 1.4.6, Tools-String: 1.4.6


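
An added example (not part of any message in this thread, and not RSBAC project code): a small parser that turns the `rsbac_adf_request()` denials quoted above into `acl_grant` lines for an administrator to review by hand when learning mode records nothing. The function names are hypothetical, and the `acl_grant` argument order is assumed from the single command shown in the first message.

```python
import re

# The two records quoted in this thread, line-wrapped as the mail client left them.
SAMPLE_LOG = """\
<6>0000000712|rsbac_adf_request(): request AUTHENTICATE, pid 2747, ppid
2209, prog_name su, prog_file /bin/su, uid 1000, target_type USER, tid
400, attr none, value none, result NOT_GRANTED by ACL
<6>0000000843|rsbac_adf_request(): request AUTHENTICATE, pid 17532, ppid
5166, prog_name gnome-screensav,
prog_file /usr/libexec/gnome-screensaver-dialog, uid 1000, target_type
USER, tid 1000, attr none, value none, result NOT_GRANTED by ACL
"""

# One record runs from its "<level>counter|rsbac_adf_request():" header
# to the next such header or the end of the input.
HEADER = r"<\d+>\d+\|rsbac_adf_request\(\):"
RECORD = re.compile(HEADER + r"(.*?)(?=" + HEADER + r"|\Z)", re.S)


def parse_records(text):
    """Return one dict of 'key value' fields per rsbac_adf_request() record."""
    records = []
    for match in RECORD.finditer(text):
        body = " ".join(match.group(1).split())  # undo mail line wrapping
        fields = {}
        for part in body.split(", "):
            key, _, value = part.partition(" ")
            fields[key] = value
        records.append(fields)
    return records


def suggest_grants(records):
    """Candidate acl_grant lines for ACL denials on USER targets, for review.

    Assumption: argument order copies the one command shown in the thread
    (acl_grant USER <uid> <request> USER <tid>); other target types are skipped.
    """
    grants = []
    for rec in records:
        if rec.get("result") != "NOT_GRANTED by ACL":
            continue
        if rec.get("target_type") != "USER":
            continue
        grants.append(f"acl_grant USER {rec['uid']} {rec['request']} USER {rec['tid']}")
    return list(dict.fromkeys(grants))  # de-duplicate, keep first-seen order


if __name__ == "__main__":
    for line in suggest_grants(parse_records(SAMPLE_LOG)):
        print(line)
```

The output is a review list: each line names the program's user, the request and the target user taken from one denial record, so a reviewer can check it against the `prog_file` in the same record before granting anything.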