[rsbac] RC type/role ASSIGN right for meta-roles

Rafal Bisingier ravbc at man.poznan.pl
Thu Jul 14 16:08:16 CEST 2005


I wanted to write that I found another bug in rsbac-admin tools, but
remembering last my "problem" solution ;-) I'll just ask instead:
Is there a way to grant a role which is not AdminType a MODIFY_ATTRIBUTE
right to meta-roles used for default FD force/init roles
(inherit_parent, inherit_user, inherit_process, mix_inherit, use_force)?
To make it clear: I need a way to get some role a right needed to change 
	rc_force_role (from: -1 = inherit_user, -2 = inherit_process,
		-3 = inherit_parent, -4 = inherit_user_on_chown_only)
	rc_initial_role (from: -3 = inherit_parent, -5 = use_force_role)
to anything else.
Currently I use a workaround: I've changed rc_force_role of parent dir
to some role for which my role have MODIFY_ATTRIBUTE right.

Rafal Bisingier
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://rsbac.dyndns.org/pipermail/rsbac/attachments/20050714/88e47084/attachment.bin

More information about the rsbac mailing list