[rsbac] RSBAC RES Module
Chirag Pandya
cpandya at gmail.com
Tue Jun 14 23:08:13 CEST 2005
Hello Ralf,
I tried (as you suggested) setting res_min but it doesn't work over su
(to a power user).
I set res_min fsize for default user (-4) to 10M. I then set res_min
fsize = 0 for admin
When I try to create a large file as regular user, the limit is
enforced as designed. However, when I su to admin, the limit is still
enforced.
--
Chirag
On 6/14/05, Ralf Horstmann <ralf.horstmann at webwasher.com> wrote:
> Hey Chirag,
>
> on Tue, 14 Jun 2005, Chirag Pandya wrote:
>
> > As you can see, fwadmin inherits settings for user1. I tried to
> > create a large file for fwadmin and the limits were enforced.
> >
> > If I use login and allow fwadmin to login in directly, he does end up
> > with unlimited resources as configured.
> >
> > Is this a "su" bug? Has anyone else seen this behaviour?
>
> From looking at the code I would say that you need to use res_min
> instead of res_max to raise the value. As far as I understand, res_max
> is only enforced if current limits are higher than the given maximum.
> res_min raises the values, if they current limits are lower than given
> minimum.
>
> Ralf.
>
>
>
> BodyID:89894210.2.n.logpart (stored separately)
>
>
More information about the rsbac
mailing list