From: Amon Ott <ao@rsbac.org>
Subject: Re: problems about MAC.
Date: Thu, 28 Sep 2000 11:24:11 +0200
On Tue, 26 Sep 2000 hollace wrote:
> I have a rsbac-enabled kernel, MAC and ACL module are active.
> problems:
> 1. a file with sensible label can't be copied.
> 2. a dir with sensible label can't be entered, but
> chdir(/dir/with/sensible/label/) in a program works.

Rockee just sent a similar mail. These are probably *-property problems. If your shell has already written to an object of level 0, you are not allowed to read from anything with a higher level, e.g. by CHDIR. So either set .bashrc etc. to a higher level as well, or use helper programs. Please note that network access may also be checked.

For copying: Creating a file in a directory is a write access to it. If the directory you copy to is level 0, you cannot copy files of level > 0 to it.

As a temporary (but insecure in the MAC sense) workaround, you can set the mac_trusted flag on /bin/bash or /bin/cp. This flag turns off *-property checking for this executable.

Amon.
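A minimal model of the *-property behaviour described in the message above, added here as an illustration; it is not RSBAC code and not part of the original mail. The class, field and function names and the level numbers are assumptions chosen to replay the shell, helper program, copy and mac_trusted cases.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Process:
    """Simplified subject; field names are assumptions, not RSBAC's own."""
    name: str
    clearance: int                   # highest level this process may read
    mac_trusted: bool = False        # models the mac_trusted flag on the executable
    max_read: int = 0                # highest level read so far
    min_write: Optional[int] = None  # lowest level written so far (None: nothing yet)

def read(proc: Process, level: int) -> bool:
    """READ-type access, e.g. opening a file or CHDIR into a directory."""
    if level > proc.clearance:
        return False
    if not proc.mac_trusted and proc.min_write is not None and level > proc.min_write:
        return False  # *-property: this process already wrote at a lower level
    proc.max_read = max(proc.max_read, level)
    return True

def write(proc: Process, level: int) -> bool:
    """WRITE-type access, e.g. writing a file or creating an entry in a directory."""
    if not proc.mac_trusted and level < proc.max_read:
        return False  # *-property: would move data read at a higher level downwards
    proc.min_write = level if proc.min_write is None else min(proc.min_write, level)
    return True

def copy(proc: Process, file_level: int, dir_level: int) -> bool:
    """cp reads the source, then creates the target (a write to the directory)."""
    return read(proc, file_level) and write(proc, dir_level)

def scenarios() -> dict:
    shell = Process("bash", clearance=1)
    write(shell, 0)  # constructed: the shell wrote a level-0 file at startup
    helper = Process("helper", clearance=1)  # fresh program, nothing written yet
    return {
        "shell_chdir_level1": read(shell, 1),
        "helper_chdir_level1": read(helper, 1),
        "cp_level1_to_level0_dir": copy(Process("cp", 1), 1, 0),
        "cp_level1_to_level1_dir": copy(Process("cp", 1), 1, 1),
        "trusted_cp_level1_to_level0_dir": copy(Process("cp", 1, mac_trusted=True), 1, 0),
    }

if __name__ == "__main__":
    for case, allowed in scenarios().items():
        print(f"{case}: {'granted' if allowed else 'denied'}")
```

The trusted copy succeeds only because the check is skipped: the level-1 data still ends up in a level-0 directory, which is why the workaround is insecure in the MAC sense.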