[rsbac] RC type/role ASSIGN right for meta-roles

Amon Ott ao at rsbac.org
Thu Jul 14 17:26:40 CEST 2005


On Thursday 14 July 2005 16:21, Amon Ott wrote:
> On Thursday 14 July 2005 16:08, Rafal Bisingier wrote:
> > I wanted to write that I found another bug in rsbac-admin tools, but
> > remembering my last "problem" solution ;-) I'll just ask instead:
> > Is there a way to grant a role which is not AdminType a MODIFY_ATTRIBUTE
> > right to meta-roles used for default FD force/init roles
> > (inherit_parent, inherit_user, inherit_process, mix_inherit, use_force)?
> > To make it clear: I need a way to get some role a right needed to change
> > 	rc_force_role (from: -1 = inherit_user, -2 = inherit_process,
> > 		-3 = inherit_parent, -4 = inherit_user_on_chown_only)
> > 	rc_initial_role (from: -3 = inherit_parent, -5 = use_force_role)
> > to anything else.
> > Currently I use a workaround: I've changed rc_force_role of parent dir
> > to some role for which my role has MODIFY_ATTRIBUTE right.
> 
> Sorry, there is no way yet to allow this. Probably all we would need 
> is a way to include these special roles into the list of 
> assign_roles, which is a rather small change. I will think about it.

Actually, the only check was in rc_set_item. The attached patch 
disables this check, so you can try with special roles in 
assign_roles.

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
-------------- next part --------------
An attachment with binary data was removed...
File name   : enable-assign-special-roles.diff
File type   : text/x-diff
File size   : 553 bytes
Description : not available
URL         : http://rsbac.dyndns.org/pipermail/rsbac/attachments/20050714/9017c300/enable-assign-special-roles.bin

