[rsbac] rc-type-fd test

Jens Kasten jens at igraltist.dyndns.org
Thu Apr 27 06:28:51 CEST 2006

hi liste
i have make a tool do build rc-fd-types for /, /usr /var /etc 
and /etc/{files}. 
some basic policies i build but now i have to merge this with new build 
policy-function wich are empty. e.g its build 
function pol-dir_var_spool(){
   echo "in spol"
and i have this policy
function  pol-dir-var_spool (){
      rc_set_item ROLE 999999 type_comp_fd $rc_fd_while_counter SEARCH 
with default setting.
because first i must run it -b  for build all empty rc-type-fd policies for 
catch all nessary files and directory.
and  then assign this to rsbac it will start count on rc-type-fd number 3.

under http://igraltist.dyndns.org/rc-type-basis.tar.bz2
you can download and test it. it is in experiment so not all policies has
include all nessesary thinks, but enough that security-log get not 
when you test it you will need th zsh and start it with zsh otherwise it not 
the zsh was offer only filenames like cron.daily and allow this name as part 
from the funtionsname. all other not allow . or _ like this in 
functionsnames. also my programming knowledge  is very limit, mayby other 
solution more easy.

the thinking for this was to build first on all main files or directory  and 
put rc-type-fd and then setup the RC-Roles, so this bring out the RC-Role 2 
wich is the root-user, because i have to allow it for get access on this 
rc-types wich everywhere.


More information about the rsbac mailing list