[rsbac] Linux DAC disable
Amon Ott
ao at rsbac.org
Mon Oct 10 12:33:11 CEST 2005
On Montag 10 Oktober 2005 10:45, Paweł Bylina wrote:
> I have one problem with Linux DAC Disable, it doesn't work on
> normal and softmode. Even I enable
CONFIG_RSBAC_ALLOW_DAC_DISABLE_FULL
> still doesn't work. In /proc/rsbac-info/debug i don't have
> linux_dac_disable registry, so, what I do wrong?
>
> secoff at debian-selinux:~$ attr_get_file_dir FD /home
linux_dac_disable
> 1
> secoff at debian-selinux:~$ ls -la /home | head -2
> total 52
> drwxrwsr-x 6 root root 4096 Oct 10 00:44 ./
> secoff at debian-selinux:~$ touch /home/create_me
> touch: cannot touch `/home/create_me': Permission denied
> secoff at debian-selinux:~$ id
> uid=222(secoff) gid=100(users)
> secoff at debian-selinux:~$ grep -i dac /usr/src/linux-2.6.11/.config
> # CONFIG_RSBAC_AUTH_DAC_OWNER is not set
> CONFIG_RSBAC_ALLOW_DAC_DISABLE=y
> CONFIG_RSBAC_ALLOW_DAC_DISABLE_FULL=y
> CONFIG_RSBAC_ALLOW_DAC_DISABLE_PART=y
This looks all fine. And I just tested it with kernels 2.6.13 and
2.4.31, it worked as expected.
You seem to use kernel 2.6.11. Which RSBAC version do you have in that
kernel?
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac
mailing list