[rsbac] Linux DAC disable
Paweł Bylina
pako at cc-team.org
Mon Oct 10 22:14:50 CEST 2005
On Mon, Oct 10, 2005 at 12:33:11PM +0200, Amon Ott wrote:
> On Montag 10 Oktober 2005 10:45, Paweł Bylina wrote:
> > I have one problem with Linux DAC Disable, it doesn't work on
> > normal and softmode. Even I enable
> CONFIG_RSBAC_ALLOW_DAC_DISABLE_FULL
> > still doesn't work. In /proc/rsbac-info/debug i don't have
> > linux_dac_disable registry, so, what I do wrong?
> >
> > secoff at debian-selinux:~$ attr_get_file_dir FD /home
> linux_dac_disable
> > 1
> > secoff at debian-selinux:~$ ls -la /home | head -2
> > total 52
> > drwxrwsr-x 6 root root 4096 Oct 10 00:44 ./
>
> > secoff at debian-selinux:~$ touch /home/create_me
> > touch: cannot touch `/home/create_me': Permission denied
> > secoff at debian-selinux:~$ id
> > uid=222(secoff) gid=100(users)
> > secoff at debian-selinux:~$ grep -i dac /usr/src/linux-2.6.11/.config
> > # CONFIG_RSBAC_AUTH_DAC_OWNER is not set
> > CONFIG_RSBAC_ALLOW_DAC_DISABLE=y
> > CONFIG_RSBAC_ALLOW_DAC_DISABLE_FULL=y
> > CONFIG_RSBAC_ALLOW_DAC_DISABLE_PART=y
>
> This looks all fine. And I just tested it with kernels 2.6.13 and
> 2.4.31, it worked as expected.
>
> You seem to use kernel 2.6.11. Which RSBAC version do you have in that
> kernel?
>
> Amon.
linux-2.6.11 + rsbac-v1.2.4 Linux DAC Disable doesn't work.
I used linux-2.6.13 with rsbac-v1.2.5 and it works fine ;)
Thanks!
More information about the rsbac
mailing list