To test whether it works, log in and type:
rc_get_current_role
It should show the role assigned to the user.
Next, test whether the correct file permissions are applied when creating a file in the user's home directory:
touch create_test
ls -la create_test
This should show you the correct file permissions for the logged-in user.
Log in as the root user.
rc_get_current_role
rc_get_current_role: current role is 2
Test the ``rc_type_fd`` on a user's home directory. As the root user:
ls /home/jens
Sun May 10 17:21:10 2009 :<7>0000001387|check_comp_rc(): pid 7966 (ls), owner 0, rc_role 2, DIR rc_type 1000, request GET_STATUS_DATA -> NOT_GRANTED!
Sun May 10 17:21:10 2009 :<6>0000001388|rsbac_adf_request(): request GET_STATUS_DATA, pid 7966, ppid 1216, prog_name ls, prog_file /bin/ls, uid 0, remote ip 192.168.1.5, target_type DIR, tid Device 254:01 Inode 178471 Path /home/jens, attr none, value none, result NOT_GRANTED by RC
You can see that RC role 2 has no rights on the rc_type_fd 1000, which was created before.
Next, run:
cat /proc/rsbac-info/rmsg
Running ``tail -f /security/log/security-log`` as the security user shows:
Sun May 10 17:26:23 2009 :<7>0000001389|check_comp_rc_scd(): pid 7967 (cat), owner 0, rc_role 2, scd_type 9, request GET_STATUS_DATA -> NOT_GRANTED!
Sun May 10 17:26:23 2009 :<6>0000001390|rsbac_adf_request(): request GET_STATUS_DATA, pid 7967, ppid 1216, prog_name cat, prog_file /bin/cat, uid 0, remote ip 192.168.1.5, target_type SCD, tid rsbac_log, attr none, value none, result NOT_GRANTED by FF RC AUTH ACL
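When testing a role setup, it helps to pull the denials out of the security log and see which modules refused each request. The following is an added example, not part of the original page or of RSBAC itself: it parses ``rsbac_adf_request()`` lines, assuming the field order seen in the log lines above (other RSBAC versions or log settings may differ), and the function names are hypothetical.

```python
import re

# Log lines copied from this page; the check_comp_rc() debug line is included
# to show that lines in other formats are skipped rather than misparsed.
SAMPLE_LOG = """\
Sun May 10 17:21:10 2009 :<7>0000001387|check_comp_rc(): pid 7966 (ls), owner 0, rc_role 2, DIR rc_type 1000, request GET_STATUS_DATA -> NOT_GRANTED!
Sun May 10 17:21:10 2009 :<6>0000001388|rsbac_adf_request(): request GET_STATUS_DATA, pid 7966, ppid 1216, prog_name ls, prog_file /bin/ls, uid 0, remote ip 192.168.1.5, target_type DIR, tid Device 254:01 Inode 178471 Path /home/jens, attr none, value none, result NOT_GRANTED by RC
Sun May 10 17:26:23 2009 :<6>0000001390|rsbac_adf_request(): request GET_STATUS_DATA, pid 7967, ppid 1216, prog_name cat, prog_file /bin/cat, uid 0, remote ip 192.168.1.5, target_type SCD, tid rsbac_log, attr none, value none, result NOT_GRANTED by FF RC AUTH ACL
"""

# Field order is an assumption taken from the lines above; "remote ip" is optional.
ADF_LINE = re.compile(
    r"^(?P<time>.+?) :<\d+>(?P<seq>\d+)\|rsbac_adf_request\(\): "
    r"request (?P<request>\w+), pid (?P<pid>\d+), ppid (?P<ppid>\d+), "
    r"prog_name (?P<prog_name>.+?), prog_file (?P<prog_file>.+?), "
    r"uid (?P<uid>\d+), (?:remote ip (?P<remote_ip>\S+), )?"
    r"target_type (?P<target_type>\w+), tid (?P<tid>.+?), "
    r"attr (?P<attr>.+?), value (?P<value>.+?), "
    r"result (?P<result>\w+)(?: by (?P<modules>.+))?$"
)

def parse_adf_line(line):
    """Return a dict for one rsbac_adf_request() line, or None if it does not match."""
    m = ADF_LINE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("pid", "ppid", "uid"):
        rec[key] = int(rec[key])
    # "by FF RC AUTH ACL" lists every module that refused the request.
    rec["modules"] = (rec["modules"] or "").split()
    return rec

def denials(log_text):
    """All NOT_GRANTED decisions found in the log text, in order."""
    recs = (parse_adf_line(line) for line in log_text.splitlines())
    return [r for r in recs if r and r["result"] == "NOT_GRANTED"]

def denied_by(log_text, module):
    """(prog_file, request, target_type, tid) for denials in which `module` took part."""
    return [(r["prog_file"], r["request"], r["target_type"], r["tid"])
            for r in denials(log_text) if module in r["modules"]]

if __name__ == "__main__":
    for r in denials(SAMPLE_LOG):
        print(r["uid"], r["prog_file"], r["request"], r["tid"], r["modules"])
```

For the root test above, ``denied_by(SAMPLE_LOG, "RC")`` returns both requests, while ``denied_by(SAMPLE_LOG, "ACL")`` returns only the read of ``rsbac_log``.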