[rsbac] RSBAC kernel configurations menu question

tazok tazok.id0 at gmail.com
Thu May 3 19:19:08 CEST 2007


First My english sucks.

I think rsbac is only a framework, so it could be a great security solution
used properly or be a great teethache for you and for your system (use only
the CAP module and grant all minimal capabilities to all users in your
system and you will see :-D ), I always thought that this submenu was
related with the LSM framework and probably the developers wouldn't like to
mix them. However only rsbac developers has the truly answer to this
question and this is the reason because I can't answer you.

I think rsbac includes many features even implicated in memory management
(which is also controlled), when I said  the question about complexity I
want mean that rsbac had tentacles everywhere and modify a lot of parts of
the kernel tree at difference with LSM which (AFAIK) doesn't need to do
this.

I think the correct question is: is the security submenu directly related
with LSM¿?, if the answer is yes probably you will have here the answer, if
it's not, then, only one rsbac developer could answer you...

Well, you could probably control boiling water for tea with rsbac, you only
need a free paralel port and the "howto make coffee" manual near, only make
sure that only users in the "tea addicted" role has access to the device you
have just created and get fun....

>
> Sorry but I completly don't understand what kind of argument is RSBAC
> complexity on answering some general/generic question like "is RSBAC is
> security related or not ?".
> Yes .. RSBAC don't uses LSM but it is known fact as same it is not now
> part of vanilla kernel tree and yes .. not it is not part of kernel
> security infrastructture in stricte sense (curent kernel).
> Is it Access Control subject isn't (only ?) security related ? IMO: yes
> and nothing more.
> If not what another ? And/or can you list any other not
> security/auditing related RSBAC usage ?
> Can I use RSBAC for control boiling water for tea ? ;>
>
> kloczek
>
> _______________________________________________
> rsbac mailing list
> rsbac en rsbac.org
> http://www.rsbac.org/mailman/listinfo/rsbac


More information about the rsbac mailing list