Re: RC. Dynamic Role Switching


From: Amon Ott <ao@rsbac.org>
Subject: Re: RC. Dynamic Role Switching
Date: Mon, 18 Jun 2001 16:41:41 +0200



On Mon, 18 Jun 2001 Stanislav Ievlev wrote:
> There is the following problem.
> 
> Some processes need different permissions at different times, e.g. the http 
> server apache needs different roles for different virtual hosts.
> Example:
> a) "Role 1" --> (for www.test1.com) Full access to all files in 
> /var/www/test1/*, no access outside this dir.
> b) "Role 2" --> (for www.test2.com) Full access to all files in 
> /var/www/test2/*, no access outside this dir.
> 
> Unfortunately, the kernel cannot understand a process's wishes. The process will 
> have to ask the kernel - change role itself.
> 
> I propose changes in RC for this goal:
> To add to rsbac_adf_request_rc() a new check for R_MODIFY_ATTRIBUTE.
> New GRANTED: If (target==T_PROCESS) and (process changes its own role) 
> and (this role is assigned) then GRANTED

This is a typical scenario for compatible roles:
- Server starts with role 'httpd', which is compatible with roles 1 and 2
- when acting for test1, server changes to role 1 (with
sys_rsbac_rc_change_role)
- when acting for test2, change to role 2
- if roles 1 and 2 are compatible with 'httpd', server can switch back,
otherwise it cannot and should exit here

Amon.
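
The role-switching sequence from the reply above, as an added example that is not part of the original mail and not RSBAC code: a small user-space model of a directed compatibility relation. It does not call sys_rsbac_rc_change_role; the role ids and the names rc_model, model_change_role, serve_vhost and make_model are assumptions made for this sketch.

```c
#include <stdio.h>
#include <stdbool.h>

/* Hypothetical role ids for this model; not RSBAC's own numbering. */
enum { ROLE_HTTPD, ROLE_TEST1, ROLE_TEST2, NROLES };

/* compat[from][to]: a process in role "from" may switch itself to "to".
 * The relation is directed, so each direction is set separately. */
struct rc_model {
    bool compat[NROLES][NROLES];
    int current;                 /* current role of the modelled process */
};

/* Models the decision only: a self-requested change is granted iff the
 * current role lists the target as compatible. Returns 0 or -1. */
int model_change_role(struct rc_model *m, int target)
{
    if (target < 0 || target >= NROLES)
        return -1;
    if (!m->compat[m->current][target])
        return -1;               /* denied: the role stays unchanged */
    m->current = target;
    return 0;
}

/* Act for one virtual host, then try to return to 'httpd'.
 * Returns 1 if the server may keep running, 0 if it should exit. */
int serve_vhost(struct rc_model *m, int vhost_role)
{
    if (model_change_role(m, vhost_role) != 0)
        return 0;
    /* ... request handling would run here under vhost_role ... */
    return model_change_role(m, ROLE_HTTPD) == 0;
}

/* Setup from the mail: 'httpd' is compatible with roles 1 and 2;
 * back_allowed selects whether roles 1 and 2 are compatible with 'httpd'. */
struct rc_model make_model(bool back_allowed)
{
    struct rc_model m = { .current = ROLE_HTTPD };
    m.compat[ROLE_HTTPD][ROLE_TEST1] = m.compat[ROLE_HTTPD][ROLE_TEST2] = true;
    m.compat[ROLE_TEST1][ROLE_HTTPD] = m.compat[ROLE_TEST2][ROLE_HTTPD] = back_allowed;
    return m;
}

int main(void)
{
    struct rc_model two_way = make_model(true), one_way = make_model(false);
    printf("two-way, test1: continue=%d\n", serve_vhost(&two_way, ROLE_TEST1));
    printf("one-way, test1: continue=%d\n", serve_vhost(&one_way, ROLE_TEST1));
    return 0;
}
```

In the one-way setup the process ends up confined to role 1 and cannot reach role 2 either, which is the case where the server should exit after serving the request.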
