[rsbac] dynamic created devices
Murf
murf at post.cz
Tue Mar 29 11:21:43 CEST 2005
Amon Ott wrote:
>>1) manage the subject (in following named s_cre), which theese
>
> devices create to create
>
>>it with special rc dev type. But Its not possible in rsbac (there is
>
> only default rc fd type creation).
>
>>If its possible there is also some other problems, like that s_cre
>
> is in most probability
>
>>run under root. So it would have to be default dev created type for
>
> user root role.
>
>>(e.g. udevd process in userland for 2.6.11 kernels)
>
>
> We could introduce a def_dev_create_type for roles. The user root does
> not matter, it is the current process role. I would have to look into
> this to see how exactly the new devices get created - the special
> file has no meaning in RSBAC, it is the type-major-minor combo.
>
Yes, def_dev_create_type is what i meant. I haven't checked what process
is it (udevd?). This sounds clear in context of model philosophy.
> The to-do list contains an item "Let process choose RC type of new
> item". We could use this and make the daemon choose, but I do not
> like that idea.
>
> Amon.
It means modify of userland aps. I think that this isn't what
we would like.
Rgds,
Murf
More information about the rsbac
mailing list