[rsbac] new features

Michal Purzynski albeiro at zeus.polsl.gliwice.pl
Tue Nov 2 16:41:35 CET 2004


On Tue, 2 Nov 2004, Andrea Pasquinucci wrote:

> - rsbac_softmode_noback
>   this will be like rsbac_softmode, that is boot in softmode, but once
>   softmode has been turned off, it cannot be turned on again for the
>   uptime of the machine

isn't it so that your machine will not boot with softmode?
at least it smells so... ;)
read on...

> - rsbac_secoff_disabled
>   this is probably more tricky, any RSBAC configuration should be
>   disallowed in secure mode, tools and /proc could be read_only but not
>   allow to change any RSBAC configuration, moreover this should apply
>   only when softmode is off, when softmode is on secoff should work as
>   usual

in fact there are ways you could fix rsbac configuration, but not for one
boot only. but suppose you need to make changes in policy, you would have
to restart the machine to do it.

> Notice that in both cases I am considering machines which for some
> reasons must boot in softmode.

what are the reasons? a properly configured system does not need softmode
when booting. we have a boot role the system is booting in by default.

> PS. Where can I find the complete current list of kernel parameters
> without need of reading the source ?

Documentation/rsbac/README-kernparam inside your rsbac kernel source tree.


finally: i am against first idea and only a bit for second one.

Albeiro


