[rsbac] Re: [OBORONA-SPAM] rc type for /proc
Thomas Mueller
news-exp-jun04 at tmueller.com
Sat May 22 14:30:05 CEST 2004
On Sat, 22 May 2004 12:02:20 +0200 Michal Purzynski wrote:
>> ACLs on /proc disappear after reboot too... I do not see decisions...
>>
>> TM> I've set a rc type for fd /proc, but after every reboot /proc is set to
>> TM> the default. Is there anything special?
>
> yes, there is. /proc filesystem is `virtual`, in this way, that it does
> not exist physically on disk, only in memory. so assigning rc type to
> /proc filesystem needs to be done from the kernel.

I understand why I can't set different types for files below /proc/
(because they are virtual and have no inode).

/proc/ is a directory with an inode on my hd, so I should be able to set a
rc type (and the type should be remembered after reboots because the
inode doesn't change)?

Every file below /proc/ gets the default 'inherit parent dir' and should
get the type of /proc/ because of that?

What's the solution for that problem? I use devfs so it's the same for
/dev/. Do I have to leave /proc and /dev with rc type 'inherit parent dir'?
So if a role wants to read in /proc I always have to give read access to
/, /proc and /dev?

Thanks for your help!
Thomas
--
http://www.tmueller.com for pgp key (95702B3B)