[rsbac] Sample RSBAC module - PS
Amon Ott
ao at rsbac.org
Fri Sep 7 10:30:43 CEST 2007
On Friday 07 September 2007 10:18, Fix wrote:
> This module allows ordinary users to only view their own processes,
> while root and secoff are allowed to view all processes.
>
> The module is not tested well enough, but seems to work for me.
Using auth_start_uid is an interesting idea. The code looks good at a
first glance. If you turn it into a REG module I can include it into
the admin tools package, see
http://www.rsbac.org/documentation/write_your_decision_module
CAP process hiding provides very similar functionality, though. Just
enable it in kernel config and use cap_process_hiding kernel
parameter.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac
mailing list