bind 0.0.0.0 does not allow bind to any IP address (?)


Post by bearclaw » Mon Apr 17, 2006 11:14 am

Trying to set up network ACLs, I have the following problem:
Code:
role default G
role_transitions admin
subject /
        ...
        bind disabled
subject /usr/sbin/vsftpd p
        /var/log/vsftpd.log a
        /srv/http/www   rwcd
        +CAP_SYS_CHROOT
        bind MYIP stream tcp       # attempt 1
        bind 0.0.0.0 stream tcp    # attempt 2


Using attempt #1 works (with MYIP being my eth0 IP address), but attempt #2 fails; I get:

(default:D:/usr/sbin/vsftpd) denied bind() to MYIP port 54167 sock type stream protocol tcp by /usr/sbin/vsftpd[vsftpd:1744] uid/euid:1008/1008 gid/egid:1008/1008, parent /usr/sbin/vsftpd[vsftpd:1769] uid/euid:65534/65534 gid/egid:65534/65534


Any idea what's going wrong? Or is this the expected behavior?
bearclaw
 
Posts: 7
Joined: Mon Nov 29, 2004 6:41 pm

Post by bearclaw » Wed Apr 19, 2006 2:32 pm

Replying to myself (instead of removing, as others can make the same mistake):
The default mask is 32, not 0; what I wanted was "0.0.0.0/0".
bearclaw
 
Posts: 7
Joined: Mon Nov 29, 2004 6:41 pm
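
The mask behaviour described in the thread, modelled as an added example (not part of the original posts and not gradm's own parser). It assumes only what the reply states, that a bind address without a mask is treated as /32; the address 192.0.2.10 standing in for MYIP and the function names are constructed for illustration.

```python
import ipaddress

DEFAULT_MASK = 32  # per the thread: a bind address with no mask is treated as /32

# Constructed sample: the two attempts from the thread plus the corrected rule.
# 192.0.2.10 is a documentation address standing in for MYIP.
MYIP = "192.0.2.10"
RULES = [
    "bind 192.0.2.10 stream tcp",   # attempt 1
    "bind 0.0.0.0 stream tcp",      # attempt 2
    "bind 0.0.0.0/0 stream tcp",    # corrected form
]

def rule_network(rule):
    """Return the IPv4 network a 'bind ADDR[/MASK] ...' line covers, or None."""
    fields = rule.split("#", 1)[0].split()   # drop trailing comment, tokenize
    if len(fields) < 2 or fields[0] != "bind" or fields[1] == "disabled":
        return None
    addr = fields[1]
    if "/" not in addr:
        addr = f"{addr}/{DEFAULT_MASK}"      # implicit mask
    return ipaddress.ip_network(addr, strict=False)

def allows(rule, ip):
    """True if the rule's network contains the address passed to bind()."""
    net = rule_network(rule)
    return net is not None and ipaddress.ip_address(ip) in net

def lint(rules):
    """Flag rules that name 0.0.0.0 with the implicit /32 (one address only)."""
    only_zero = ipaddress.ip_network("0.0.0.0/32")
    return [r for r in rules if rule_network(r) == only_zero]

if __name__ == "__main__":
    for r in RULES:
        net = rule_network(r)
        print(f"{r!r:32} covers {net!s:16} allows {MYIP}: {allows(r, MYIP)}")
    print("probably meant 0.0.0.0/0:", lint(RULES))
```

Running a check like `lint` over a policy before loading it catches the case where a rule meant as "any address" silently narrows to a single address and shows up later only as denied bind() log entries.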

