rsbac-v1.1.2-pre4 uploaded


From: Amon Ott <ao@rsbac.org>
Subject: rsbac-v1.1.2-pre4 uploaded
Date: Fri, 27 Apr 2001 17:16:16 +0200

Next Article (by Date): Re: [crispin@WIREX.COM: Linux Security Module Interface] Volckov Konstantin Michailovich
Previous Article (by Date): Re[4]: RSBAC and XFree86-4.0.3 ? Keith Matthews
Articles sorted by: [Date] [Author] [Subject]


- please use pre3 patches
- 1.1.2 functionally finished
- Attention: new FD aci version with auto-update! Use with write-to-disk
disabled, if you want to keep your attributes for previous versions!
- generic lists of lists
- PM data structures moved to generic lists and lists of lists
- PM proc interface added, write_list function removed

- new RC FD attribute rc_initial_role: 
if value is not use_force_role (default), the given value is used as process
role after execution, despite the force_role setting. At the next setuid or
exec, the force_role value is taken as before.
Usage example: set initial role to general user for /bin/login (or
/usr/sbin/smbd). It is run by root, but with role 0. When user logs in, the
setuid leads to login getting the user's def_role as desired.

- ff_flags changed to 16 bit to get room for possible new flags
- Tools update for initial_role and 16 bit ff_flags

Please test (as usual) - I do not intend to add functionality till final, only
bugfixes.

Stanislav: Could you please look into tool build, the switch for MAC
inheritance is missing, so we get wrong backups with attr_back_fd.

Amon.
-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Date): Re: [crispin@WIREX.COM: Linux Security Module Interface] Volckov Konstantin Michailovich
Previous Article (by Date): Re[4]: RSBAC and XFree86-4.0.3 ? Keith Matthews
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.