From: Amon Ott <ao@rsbac.org>
Subject: Re: soft mode (was: rsbac-v1.1.1-pre4 uploaded)
Date: Mon, 26 Feb 2001 09:45:26 +0100
Next Article (by Subject): soft mode and v1.1.1-pre4 problem (was: Re: rsbac-v1.1.1-pre4 uploaded) Peter Busser
Previous Article (by Subject): RE: SMP kernel. "hollace leon"
Articles sorted by: [Date]
[Author]
[Subject]
On Mon, 26 Feb 2001 Jörgen Sigvardsson wrote:
> On Monday 26 February 2001 06:56, Stanislav Ievlev wrote:
> > Interesting Idea! Many Security Management Systems has "soft" mode. It very
> > usefull to correct restrictions.
> >
> > Amon. What about some option in /proc? (like
> > /proc/sys/net/ipv4/ip_forward).
>
> in rsbac_adf_request()
> result = rsbac_adf_request_int(...);
> if(soft_mode)
> result = DO_NOT_CARE; /* (or GRANTED perhaps?) */
>
> should probably do the trick..?
Yes, that is one place. We need a clean way to get it included without
security problems. Maybe:
- Compile time option 'support soft mode'
- A kernel parameter rsbac_soft_mode to switch it on before boot
- A setting in /proc/rsbac-info/debug
- As soft mode effectively switches off access control, we will have to run a
SWITCH_MODULE request, e.g. with switch target SW_NONE, through all modules
before the setting is done
- This can also be integrated into sys_rsbac_switch()
> BTW, RSBAC was mentioned on slashdot the other day with an URL to
> rsbac.org on the front page. Did the web server need CPR afterwards? ;)
Well, you might know that rsbac.org is just a virtual server on a real big
machine with a lot of bandwidth... Still, there was a significant number of
additional requests :)
Amon.
Amon.
-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.
Next Article (by Subject): soft mode and v1.1.1-pre4 problem (was: Re: rsbac-v1.1.1-pre4 uploaded) Peter Busser
Previous Article (by Subject): RE: SMP kernel. "hollace leon"
Articles sorted by: [Date]
[Author]
[Subject]