[rsbac] Help for NETxxx and CAPABILITIES
rsbac@rsbac.org
Fri Apr 19 09:11:07 2002
Hello,
I have played a lot with earlier versions of rsbac but due to the lack of
CAPs and real network control I stopped the attempts. Now with 1.2.0pre
versions I took a look at it again.
I read the papers on www.rsbac.org (they didn't change a lot) and found
only a little information about CAPs and network. I also read the
information in Documentation/rsbac.
But till now I am unable to do the following:
I made a usual RC role and types for bind. From the file ACL side it works
quite well, but I had to give permissions to GENERAL_NETOBJ and I do not
want to do it. I didn't know how to tell Named_RC_Role to use my
Named_NETOBJ.
To summarize, my goal is to not let it use any CAPs other than those necessary
for it (just CAP_SETUID, CAP_SETGID, CAP_SYS_CHROOT,..) and restrict it to
use only specified interfaces and of course let it only bind to 53 and 953
ports.
PLEASE if someone could write a short example for the above one, I would
appreciate it. And I also think it would be great to have such
information among the docs. (Now the menu driven would be great but I
used to use scripts for the tasks so perhaps those would also be useful).
Thank you well in advance.
Sincerely yours,
Gabor Horvath
ghorvath@minolta.hu