From: Amon Ott <ao@rsbac.org>
Subject: Re: RSBAC suggestions / Problems
Date: Wed, 11 Jul 2001 12:37:13 +0200
Next Article (by Subject): Re: RSBAC suggestions / Problems Arkady A Drovosekov
Previous Article (by Subject): Re: RSBAC suggestions / Problems Arkady A Drovosekov
Top of Thread: RSBAC suggestions / Problems "Kaladis"
Next in Thread: Re: RSBAC suggestions / Problems Arkady A Drovosekov
Articles sorted by: [Date]
[Author]
[Subject]
On Mit, 11 Jul 2001 Arkady A Drovosekov wrote: > On Wed, Jul 11, 2001 at 10:26:16AM +0200, Amon Ott wrote: > > You and all others: Do you think, there should be a global RSBAC config switch > > 'Disable Linux filesystem access control', which disables all Linux filesystem > > access control in vfs_permission()? > yes, sometimes it would be nice to have such switch. There is a minor problem > with default ACLs, but it mainly responsibility of the maintainers of different > distros ;-) How about a solution like this: - New CONFIG_RSBAC_ALLOW_DAC_DISABLE kernel config switch - DAC is still on by default - A kernel parameter and a runtime switch can toggle the check - Runtime switch is controlled by a RSBAC request MODIFY_PERMISSIONS_DATA on target T_NONE (SCD other in RC and ACL). Comments? Amon. - To unsubscribe from the rsbac list, send a mail to majordomo@rsbac.org with unsubscribe rsbac as single line in the body.
Next Article (by Subject): Re: RSBAC suggestions / Problems Arkady A Drovosekov
Previous Article (by Subject): Re: RSBAC suggestions / Problems Arkady A Drovosekov
Top of Thread: RSBAC suggestions / Problems "Kaladis"
Next in Thread: Re: RSBAC suggestions / Problems Arkady A Drovosekov
Articles sorted by: [Date]
[Author]
[Subject]