[rsbac] secoff readonly DAC disabling

Amon Ott ao at rsbac.org
Thu Sep 21 14:25:05 CEST 2006

On Donnerstag 21 September 2006 14:14, Andrea Pasquinucci wrote:
> What about having the possibility only for secoff (uid=400) to have 
> readonly access to all the filesystem, overriding DAC access 
> This could be a compilation or boot parameter. 

I use CAP min_cap DAC_READ_SEARCH for secoff, which does exactly this.

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

More information about the rsbac mailing list