[rsbac] Mac role functions

Chirag Pandya searchformehere at yahoo.com
Thu Oct 16 12:50:19 MEST 2003


Root's MAC settings are as follows:
MAX level = 16
Initial level = 8
Min level = 0
Mac role = 2 (administrator)
user flag = 16 (read up)

attr_set_file_dir is set to 555.
On a file (sitting in root's home dir as root) I can
do:
attr_set_file_dir MAC FILE xxx mac_prop_trusted 1
attr_set_file_dir MAC FILE xxx mac_file_flags 36
(or any combination of file flags)

But I can't do
attr_set_file_dir -a MAC FILE xxx security_level 8
attr_set_file_dir MAC FILE xxx mac_trusted_for_user
400
attr_set_file_dir MAC FILE xxx mac_auto 1

ERROR: wrong_mac_role

I believe root shouldn't be able to set any MAC
attributes.

Is my MAC understanding wrong?  Any suggestions?

Regards,
Chirag

__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com


More information about the rsbac mailing list