Re: rsbac-patch-2.2.7-v1.0.9-pre1

From: ao@morpork.shnet.org (A. Ott)
Subject: Re: rsbac-patch-2.2.7-v1.0.9-pre1
Date: 13 May 1999 10:58:00 +0200

Next Article (by Subject): rsbac-patch-2.2.9-v1.0.9-pre3 ao@morpork.shnet.org (A. Ott)
Previous Article (by Subject): rsbac-patch-2.2.7-v1.0.9-pre1 ao@morpork.shnet.org (A. Ott)
Top of Thread: rsbac-patch-2.2.7-v1.0.9-pre1 ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date] [Author] [Subject]

********* ***************** ********** ****  *****   ***** ************
  To subject rsbac-patch-2.2.7-v1.0.9-pre1
  ao@morpork.shnet.org (A. Ott)  wrote:
********** ******************** ******  ********  ******* *************

> I put up a first pre of the 1.0.9 version, which includes module support.
> Now additional decision modules can be loaded as kernel modules and get
> registered by the RSBAC system. Sure this support can be turned off -
> modules are a risk by themselves.
>
> There is no attribute registration, though, so each module must take care
> of its own access control information. General attribute sets are fixed
> size, and breaking this scheme would slow down attribute access
> significantly. Look at /proc/rsbac-info/xstats to see why this is
> important.
>
> PM and AUTH already have their own attribute sets, and its not that
> difficult to adapt them.
>
> Never before new security models could be tested under Linux so easily and
> fast... :)

The pre2 for kernel 2.2.8 is out there. Nothing functionally changed  
except the AUTH special cap value for 'original user', which had to be  
moved back to -3. -1 was used as UID by cron, -2 is traditionally reserved  
for nobody.

Amon.

--
Please remove second ao for E-Mail reply - no spam please!
## CrossPoint v3.11 ##
-
To unsubscribe from the rsbac list, send a mail to
majordomo@morpork.shnet.org with
unsubscribe rsbac
as single line in the body.

Go to Compuniverse LWGate Home Page.