[rsbac] MAC module

Amon Ott ao at rsbac.org
Wed Sep 5 09:49:20 CEST 2007


On Wednesday 05 September 2007 09:19, Fix wrote:
> I thought MAC module is not supposed to control access to SCD
> objects. (?) I can set MAC seclevel for FILE, DIR, USER and
> PROCESS, but syslog says that
>
> "Sep  3 15:45:03 localhost kernel: 0000000286|rsbac_adf_request(): request MODIFY_SYSTEM_DATA, pid 2203, ppid 1512, prog_name mysqld, prog_file /usr/sbin/mysqld, uid 26, target_type SCD, tid priority, attr none, value none, result NOT_GRANTED (Softmode) by MAC"
>
> Is there any way to get/set MAC seclevel of SCD objects, or maybe
> I missed something? Kernel 2.6.22.5/x86_64/pax/rsbac 1.3.5

Some checks are hardcoded in the module. I agree that 
MODIFY_SYSTEM_DATA on SCD priority is not critical and should be 
allowed.

The attached patch allows it.

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mac-scd-priority.diff
Type: text/x-diff
Size: 468 bytes
Desc: not available
Url : http://www.rsbac.org/pipermail/rsbac/attachments/20070905/05790cd3/attachment.bin 
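
When tuning policy in softmode, denials like the one quoted above can be tallied from syslog to see which hardcoded or configured checks a program would trip once softmode is switched off. This is an added example, not part of the original post or of the RSBAC tools; it assumes every rsbac_adf_request() line follows the layout of the quoted message, and the function names and all sample lines except the first are constructed.

```python
import re
from collections import Counter

# Sample input: line 1 is the message quoted in the post; lines 2-4 are
# constructed for this example in the same layout (assumption).
_HEAD = "localhost kernel: 0000000286|rsbac_adf_request(): request MODIFY_SYSTEM_DATA, "
_TAIL = ("prog_name mysqld, prog_file /usr/sbin/mysqld, uid 26, "
         "target_type SCD, tid priority, attr none, value none, result NOT_GRANTED")
SAMPLE_LOG = "\n".join([
    "Sep  3 15:45:03 " + _HEAD + "pid 2203, ppid 1512, " + _TAIL + " (Softmode) by MAC",
    "Sep  3 15:45:09 " + _HEAD + "pid 2207, ppid 1512, " + _TAIL + " (Softmode) by MAC",
    "Sep  3 15:45:11 " + _HEAD + "pid 2209, ppid 1512, " + _TAIL + " by MAC",
    "Sep  3 15:46:00 localhost kernel: some unrelated kernel message",
])

ADF_RE = re.compile(r"rsbac_adf_request\(\): (?P<fields>.*), result (?P<result>\S+)"
                    r"(?P<soft> \(Softmode\))? by (?P<by>.+)$")

def parse_adf_line(line):
    """Return a dict for one rsbac_adf_request() line, or None for other lines."""
    m = ADF_RE.search(line.rstrip())
    if m is None:
        return None
    rec = {}
    for field in m.group("fields").split(", "):
        # Each field is "<name> <value>"; the value may itself contain spaces.
        key, _, value = field.partition(" ")
        rec[key] = value
    rec["result"] = m.group("result")
    rec["softmode"] = m.group("soft") is not None
    rec["by"] = m.group("by")
    return rec

def softmode_denials(log_text):
    """Count NOT_GRANTED decisions that were only let through by softmode."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_adf_line(line)
        if rec and rec["result"] == "NOT_GRANTED" and rec["softmode"]:
            key = (rec["by"], rec["request"], rec["target_type"],
                   rec["tid"], rec["prog_file"])
            counts[key] += 1
    return counts

if __name__ == "__main__":
    for key, n in softmode_denials(SAMPLE_LOG).most_common():
        print(n, *key)
```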