Re: RC. Dynamic Role Switching


From: Stanislav Ievlev <inger@altlinux.ru>
Subject: Re: RC. Dynamic Role Switching
Date: Mon, 18 Jun 2001 19:11:56 +0400



Amon Ott wrote:

>On Mon, 18 Jun 2001 Stanislav Ievlev wrote:
>
>>There is the following problem.
>>
>>Some processes need different permissions at different times, e.g. the http 
>>server apache needs different roles for different virtual hosts
>>Example:
>>a) "Role 1" --> (for www.test1.com) Full access to all files in 
>>/var/www/test1/*, no access outside this dir.
>>b) "Role 2" --> (for www.test2.com) Full access to all files in 
>>/var/www/test2/*, no access outside this dir.
>>
>>Unfortunately, the kernel cannot understand a process's wishes. The process will 
>>have to ask the kernel - change role itself.
>>
>>I propose changes in RC for this goal:
>>To add to rsbac_adf_request_rc() new checking for R_MODIFY_ATTRIBUTE.
>>New GRANTED: If (target==T_PROCESS) and (process changes its own role) 
>>and (this role is assigned) then GRANTED
>>
>
>This is a typical scenario for compatible roles:
>- Server starts with role 'httpd', which is compatible to roles 1 and 2
>- when acting for test1, server changes to role 1 (with
>sys_rsbac_rc_change_role)
>- when acting for test2, change to role 2
>- if roles 1 and 2 are compatible with 'httpd', server can switch back,
>otherwise it cannot and should exit here
>
Oops ... I've busked :)))

>
>Amon.



-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.
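
Added example, not part of the original messages and not RSBAC code: a small user-space C model of the compatible-roles scheme described in the reply above, showing why a server that enters a virtual-host role can return to 'httpd' only if that role lists 'httpd' as compatible. The role ids, the bitmask layout and the names change_role() and serve_vhost() are assumptions made for this sketch; it does not call sys_rsbac_rc_change_role.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model of RC compatible roles; hypothetical names, not RSBAC kernel code.
 * Role ids and the bitmask representation are assumptions for this example. */
enum { ROLE_HTTPD, ROLE_1, ROLE_2, ROLE_COUNT };
struct rc_policy { unsigned compatible[ROLE_COUNT]; }; /* bit r: may switch to r */
struct process { int role; };

/* httpd may enter role 1 or 2; roles 1 and 2 are compatible with nothing. */
static const struct rc_policy ONE_WAY = { .compatible = {
    [ROLE_HTTPD] = (1u << ROLE_1) | (1u << ROLE_2) } };
/* As above, but roles 1 and 2 are also compatible with httpd. */
static const struct rc_policy TWO_WAY = { .compatible = {
    [ROLE_HTTPD] = (1u << ROLE_1) | (1u << ROLE_2),
    [ROLE_1] = 1u << ROLE_HTTPD, [ROLE_2] = 1u << ROLE_HTTPD } };

/* Decision behind a role-change request: granted only if the target is in
 * the current role's compatible set. Returns 0 if granted, -1 otherwise. */
int change_role(const struct rc_policy *p, struct process *proc, int target)
{
    if (target < 0 || target >= ROLE_COUNT)
        return -1;
    if (!(p->compatible[proc->role] & (1u << target)))
        return -1;                      /* not granted: role is unchanged */
    proc->role = target;
    return 0;
}

/* Handle one request under a vhost role, then try to return to 'httpd'.
 * Returns true if the worker may keep serving, false if it should exit. */
bool serve_vhost(const struct rc_policy *p, struct process *proc, int vhost_role)
{
    if (change_role(p, proc, vhost_role) != 0)
        return false;
    /* ... request would be handled here, confined to vhost_role ... */
    return change_role(p, proc, ROLE_HTTPD) == 0;
}

int main(void)
{
    struct process a = { ROLE_HTTPD }, b = { ROLE_HTTPD };
    printf("one-way: keep serving=%d final role=%d\n",
           serve_vhost(&ONE_WAY, &a, ROLE_1), a.role);
    printf("two-way: keep serving=%d final role=%d\n",
           serve_vhost(&TWO_WAY, &b, ROLE_1), b.role);
    /* A worker stuck in role 1 cannot reach test2's role either. */
    printf("role 1 -> role 2: %d\n", change_role(&ONE_WAY, &a, ROLE_2));
    return 0;
}
```

Under the one-way policy the worker ends up confined to role 1 and has to exit, which is the "otherwise it cannot and should exit here" case from the reply.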
