Re: something about INIT too.


From: Amon Ott <ao@rsbac.org>
Subject: Re: something about INIT too.
Date: Mon, 12 Mar 2001 17:19:39 +0100

Next Article (by Date): kernel oops 2.4.2+raid+smp+pre5 Bencsath Boldizsar
Previous Article (by Date): Re: Forwarded mail.... Amon Ott
Top of Thread: something about INIT too. "hollace leon"
Articles sorted by: [Date] [Author] [Subject]


On Mon, 12 Mär 2001 hollace leon wrote:
> I am testing RSBAC-v1.1.0. 
> I found something:
> 
> process name:            max_read_open    min_write_open     mac_trusted
> --------------------------------------------------------------------------------------------------------
> init                                0                                      0                           0
> kflushd                         0                                     252                        1
> kswapd                       0                                      252                        1
> ......                               ..                                      ..                             ..
> 
> why is init different from other daemons??
> I found in aci_data_structures.h that 
> DEFAULT_INIT_P_ACI={
>    ...
>    252  /* min_write_open  */
>   ....
>    TRUE /* mac_trusted */
>     ...
>   }

The init process executes the program init and thus looses its trusted flag.
When this program writes to objects on level 0, min_write_open is set to 0.

If you need init as trusted, you can set mac_trusted_for_user to 0 or <all> for
/sbin/init (or where your init program is).

Amon.
-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Date): kernel oops 2.4.2+raid+smp+pre5 Bencsath Boldizsar
Previous Article (by Date): Re: Forwarded mail.... Amon Ott
Top of Thread: something about INIT too. "hollace leon"
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.