From: Amon Ott <ao@rsbac.org>
Subject: Re: A little patch - init security level and MAC categories and a question
Date: Tue, 16 Jan 2001 12:43:13 +0100
Next Article (by Date): Phil
Previous Article (by Date): Re: 2.2.18 version cant login at start "John Huttley"
Next in Thread: Re: A little patch - init security level and MAC categories and a question Amon Ott
Articles sorted by: [Date]
[Author]
[Subject]
On Fre, 12 Jan 2001 janos.milus@dataware.debis.hu wrote: > There is a little bug when process init registering in the version > 1.1.1-pre1. > Init got the default MAC categories and the default security level, not the > owner's (root's) security level and categories. > The patch is in attach against aci_data_structures.c > With this I can boot and log in to my computer, where the root (/) > directory > has more MAC categories. So far, init gets default categories and seclevel, defined in aci_data_structures.h. Maybe we should change these default settings to maximum, but keep root's on a minimum? > The question is: how can I set the MAC categories to a device, wich has > major/minor > numbers but has no inode under /dev ? For example the proc is not > mountable, > because it has default security level and categories. > (See attached file: patch) The problem is that device numbers for device-less mounts get dynamically assigned. What we could do is leave out the device attribute check for these devices - this is easy, because they always get major number 0. Amon. - To unsubscribe from the rsbac list, send a mail to majordomo@rsbac.org with unsubscribe rsbac as single line in the body.
Next Article (by Date): Phil
Previous Article (by Date): Re: 2.2.18 version cant login at start "John Huttley"
Next in Thread: Re: A little patch - init security level and MAC categories and a question Amon Ott
Articles sorted by: [Date]
[Author]
[Subject]