Re: RSBAC suggestions / Problems


From: Amon Ott <ao@rsbac.org>
Subject: Re: RSBAC suggestions / Problems
Date: Wed, 11 Jul 2001 12:37:13 +0200

Next Article (by Subject): Re: RSBAC suggestions / Problems Arkady A Drovosekov
Previous Article (by Subject): Re: RSBAC suggestions / Problems Arkady A Drovosekov
Top of Thread: RSBAC suggestions / Problems "Kaladis"
Next in Thread: Re: RSBAC suggestions / Problems Arkady A Drovosekov
Articles sorted by: [Date] [Author] [Subject]


On Mit, 11 Jul 2001 Arkady A Drovosekov wrote:
> On Wed, Jul 11, 2001 at 10:26:16AM +0200, Amon Ott wrote:
> > You and all others: Do you think, there should be a global RSBAC config switch
> > 'Disable Linux filesystem access control', which disables all Linux filesystem
> > access control in vfs_permission()?
> yes, sometimes it would be nice to have such switch. There is a minor problem
> with default ACLs, but it mainly responsibility of the maintainers of different
> distros ;-)

How about a solution like this:

- New CONFIG_RSBAC_ALLOW_DAC_DISABLE kernel config switch
- DAC is still on by default
- A kernel parameter and a runtime switch can toggle the check
- Runtime switch is controlled by a RSBAC request MODIFY_PERMISSIONS_DATA on
target T_NONE (SCD other in RC and ACL).

Comments?

Amon.
-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Subject): Re: RSBAC suggestions / Problems Arkady A Drovosekov
Previous Article (by Subject): Re: RSBAC suggestions / Problems Arkady A Drovosekov
Top of Thread: RSBAC suggestions / Problems "Kaladis"
Next in Thread: Re: RSBAC suggestions / Problems Arkady A Drovosekov
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.