[rsbac] RC Boot Role

Chirag Pandya cpandya at gmail.com
Wed Jan 25 20:16:31 CET 2006

Hello All,
I'm trying to understand the "RC Boot Role" more carefully so that I
can prevent root from adding/editing init scripts.
Here is my understanding so far:
1.  Set /etc/init.d type to something other than 2 (System Admin). 
Let's say I set it to type 999999
2.  Allow ROLE 999999 to read and run objects of type 999999
3.  Set ROLE 2's compatibility with type 999999 to include no WRITE/EDIT rights.
4.  Set boot_role = 1 for ROLE 999999 and boot_role = 0 for ROLE 2.

Is this the intended use of this role?


More information about the rsbac mailing list