[rsbac] Help for NETxxx and CAPABILITIES

rsbac@rsbac.org rsbac@rsbac.org
Fri Apr 19 09:11:07 2002


Hello, 

I have played a lot with earlier versions of rsbac but due to the lack of 
CAPs and real network control I stopped the attempts. Now with 1.2.0pre 
versions I took a look at it again. 
I read the papers on www.rsbac.org (they didn't change a lot) and found 
only a little information about CAPs and network. I also read the 
information in Documentation/rsbac.

But till now I am unable to do the following:
I made a usual RC role and types for bind. From the file ACL side it works 
quite well, but I had to give permissions to GENERAL_NETOBJ and I do not 
want to do it. I didn't know how to tell Named_RC_Role to use my 
Named_NETOBJ.

To summarize, my goal is to not let it use any CAPs other than those that 
are necessary for it (just CAP_SETUID, CAP_SETGID, CAP_SYS_CHROOT,..) and 
to restrict it to use only specified interfaces and of course let it bind 
only to ports 53 and 953.

PLEASE, if someone could write a short example for the above, I would 
appreciate it. And I also think it would be great to have such 
information among the docus. (Now the menu driven would be great but I 
used to use scripts for the tasks so perhaps those would also be useful).

Thank you well in advance.
Sincerely yours,
Gabor Horvath
ghorvath@minolta.hu