[rsbac] RC type/role ASSIGN right for meta-roles

Amon Ott ao at rsbac.org
Thu Jul 14 16:21:20 CEST 2005

On Donnerstag 14 Juli 2005 16:08, Rafal Bisingier wrote:
> I wanted to write that I found another bug in rsbac-admin tools, but
> remembering last my "problem" solution ;-) I'll just ask instead:
> Is there a way to grant a role which is not AdminType a 
> right to meta-roles used for default FD force/init roles
> (inherit_parent, inherit_user, inherit_process, mix_inherit, 
> To make it clear: I need a way to get some role a right needed to 
> 	rc_force_role (from: -1 = inherit_user, -2 = inherit_process,
> 		-3 = inherit_parent, -4 = inherit_user_on_chown_only)
> 	rc_initial_role (from: -3 = inherit_parent, -5 = use_force_role)
> to anything else.
> Currently I use a workaround: I've changed rc_force_role of parent 
> to some role for which my role have MODIFY_ATTRIBUTE right.

Sorry, there is no way yet to allow this. Probably all we would need 
is a way to include these special roles into the list of 
assign_roles, which is a rather small change. I will think about it.

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

More information about the rsbac mailing list