[rsbac] FF and inheritance
Andrea Pasquinucci
cesare at ucci.it
Thu Sep 9 15:38:48 CEST 2004
Hi,
I have never used the FF module before and I am confused about inheritance.
In various docs it says that it is easy to set /etc read_only and
/etc/mtab read+write but ... as far as I understand, if /etc is
read_only and there are no flags on /etc/mtab, then /etc/mtab inherits
the ones of /etc and is then read_only. The only way out, it seems to me,
is to set the flag no_execute on /etc/mtab, with which everything will be
allowed on /etc/mtab except for EXEC. Am I right?
Related question: if I set /etc read_only with FF, can I use another
model (RC, ACL) to declare /etc/onefile to be writable by user/process X?
Thanks Andrea
--
Andrea Pasquinucci
http://www.ucci.it/