Re: about MAC


From: Amon Ott <ao@rsbac.org>
Subject: Re: about MAC
Date: Wed, 12 Jul 2000 11:50:54 +0200

Next Article (by Subject): Re: about MAC Amon Ott
Previous Article (by Subject): about MAC Hollace Leon
Top of Thread: about MAC Hollace Leon
Next in Thread: Re: about MAC Amon Ott
Articles sorted by: [Date] [Author] [Subject]


On Mit, 12 Jul 2000 Hollace Leon wrote:
> I was often told: operation not permitted 
> when I set a security level for a FD as a secoff.

What is the exact RSBAC syslog message, when this happens?

> Doesn't secoff  have related rights or else reason?

You still need Linux rights to see the file/dir. Could this be the problem?

If you don't like that behaviour, you can cange the calls to lookup_dentry in
lines 268, 321, 371, 549, 589 and 627 of rsbac/help/syscalls.c to
rsbac_lookup_dentry.
Warning: This is a hack that gives everybody indirect
lookup on every file and dir! Every solution must change original Linux rights
behaviour.

> I want to know how to test the MAC.who can help me?

You can always ask on this list. Also, Chris should be listening at
rsbac-mac@rsbac.org.

Amon.
-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Subject): Re: about MAC Amon Ott
Previous Article (by Subject): about MAC Hollace Leon
Top of Thread: about MAC Hollace Leon
Next in Thread: Re: about MAC Amon Ott
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.