Re: A little patch - init security level and MAC categories and a question

From: Amon Ott <ao@rsbac.org>
Subject: Re: A little patch - init security level and MAC categories and a question
Date: Tue, 16 Jan 2001 12:43:13 +0100

Next Article (by Subject): Re: A little patch - init security level and MAC categories and a question Amon Ott
Previous Article (by Subject): A little patch - init security level and MAC categories and a janos.milus@dataware.debis.hu
Next in Thread: Re: A little patch - init security level and MAC categories and a question Amon Ott
Articles sorted by: [Date] [Author] [Subject]

On Fre, 12 Jan 2001 janos.milus@dataware.debis.hu wrote:
> There is a little bug when process init registering in the version
> 1.1.1-pre1.
> Init got the default MAC categories and the default security level, not the
> owner's (root's) security level and categories.
> The patch is in attach against aci_data_structures.c
> With this I can boot and log in to my computer, where the root (/)
> directory
> has more MAC categories.

So far, init gets default categories and seclevel, defined in
aci_data_structures.h. Maybe we should change these default settings to
maximum, but keep root's on a minimum?

> The question is: how can I set the MAC categories to a device, wich has
> major/minor
> numbers but has no inode under /dev ? For example the proc is not
> mountable,
> because it has default security level and categories.
> (See attached file: patch)

The problem is that device numbers for device-less mounts get dynamically
assigned.

What we could do is leave out the device attribute check for these devices -
this is easy, because they always get major number 0.

Amon.
-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Go to Compuniverse LWGate Home Page.