[rsbac] FF and inheritance

Andrea Pasquinucci cesare at ucci.it
Thu Sep 9 15:38:48 CEST 2004


I have never used the FF module before and I am confused about inheritance.
In various docs it says that it is easy to set /etc read_only and
/etc/mtab read+write but ... as far as I understand if /etc is
read_only and there are no flags on /etc/mtab, then /etc/mtab inherits
the ones of /etc and is then read_only. The only way out, it seems to me,
is to set the flag no_execute on /etc/mtab, with which everything will be
allowed on /etc/mtab except for EXEC. Am I right?

Related question: if I set /etc read_only with FF, can I use another
model (RC, ACL) to declare /etc/onefile to be writable by user/process X?

Thanks, Andrea

Andrea Pasquinucci

