From: Amon Ott <ao@rsbac.org>
Subject: Re: RC. Dynamic Role Switching
Date: Mon, 18 Jun 2001 16:41:41 +0200

On Mon, 18 Jun 2001 Stanislav Ievlev wrote:
> There is the following problem.
>
> Some processes need different permissions at different times, e.g. http
> server apache needs different roles for different virtual hosts
> Example:
> a) "Role 1" --> (for www.test1.com) Full access to all files in
> /var/www/test1/*, no access outside this dir.
> b) "Role 2" --> (for www.test2.com) Full access to all files in
> /var/www/test2/*, no access outside this dir.
>
> Unfortunately, kernel cannot understand process's wishes. Process will
> have to ask kernel - change role itself.
>
> I propose changes in RC for this goal:
> To add to rsbac_adf_request_rc() new checking for R_MODIFY_ATTRIBUTE.
> New GRANTED: If (target==T_PROCESS) and (process changes its own role)
> and (this role in assigned) then GRANTED

This is a typical scenario for compatible roles:
- Server starts with role 'httpd', which is compatible to roles 1 and 2
- when acting for test1, server changes to role 1 (with
  sys_rsbac_rc_change_role)
- when acting for test2, change to role 2
- if roles 1 and 2 are compatible with 'httpd', server can switch back,
  otherwise it cannot and should exit here

Amon.
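
The compatible-role switching described in the reply above, as an added example that is not part of the original post and is not RSBAC code: a toy C model of a compatibility matrix showing that a worker can return to 'httpd' only when the virtual-host role is compatible with it. All identifiers here (rc_policy, change_role, serve, two_requests) are hypothetical; the only real call named in the message is sys_rsbac_rc_change_role.

```c
/* Toy model of RC role compatibility; not RSBAC code, all names hypothetical. */
#include <stdio.h>
enum role { ROLE_HTTPD, ROLE_1, ROLE_2, NUM_ROLES };
/* compat[a][b] != 0: a process in role a may switch itself to role b. */
struct rc_policy { unsigned char compat[NUM_ROLES][NUM_ROLES]; };
struct outcome { int first, second; };

/* 'httpd' is always compatible with roles 1 and 2; the way back is optional. */
struct rc_policy make_policy(int two_way)
{
    struct rc_policy pol = {{{0}}};
    pol.compat[ROLE_HTTPD][ROLE_1] = pol.compat[ROLE_HTTPD][ROLE_2] = 1;
    if (two_way)
        pol.compat[ROLE_1][ROLE_HTTPD] = pol.compat[ROLE_2][ROLE_HTTPD] = 1;
    return pol;
}

/* Self-requested role change: 0 on success, -1 (role unchanged) if refused. */
int change_role(enum role *cur, const struct rc_policy *pol, enum role target)
{
    if ((unsigned)target >= NUM_ROLES || !pol->compat[*cur][target]) return -1;
    *cur = target;
    return 0;
}

/* One request: enter the vhost role, do the work, try to return to 'httpd'.
 * 1 = worker reusable, 0 = stuck in vhost role (should exit), -1 = refused. */
int serve(enum role *cur, const struct rc_policy *pol, enum role vhost)
{
    if (change_role(cur, pol, vhost) != 0) return -1;
    return change_role(cur, pol, ROLE_HTTPD) == 0 ? 1 : 0;
}

/* Two requests on one worker; a real worker exits when the first is not 1. */
struct outcome two_requests(int two_way, enum role a, enum role b)
{
    struct rc_policy pol = make_policy(two_way);
    enum role cur = ROLE_HTTPD;
    struct outcome o;
    o.first = serve(&cur, &pol, a);
    o.second = serve(&cur, &pol, b);
    return o;
}

int main(void)
{
    struct outcome t = two_requests(1, ROLE_1, ROLE_2), o = two_requests(0, ROLE_1, ROLE_2);
    printf("two-way: %d %d\none-way: %d %d\n", t.first, t.second, o.first, o.second);
    return 0;
}
```

With the one-way policy the worker that served test1 stays in role 1 and its attempt to enter role 2 is refused, which is why the reply says the server should exit at that point.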