[rsbac] About SCD T_swap.
Javier J. Martínez Cabezón
tazok.id0 at gmail.com
Sun Jan 11 00:48:12 CET 2009
Hi all, while looking some code of 1.3.7 rsbac version (swapfile.c)
when you add one partition/file with swapon and swapoff it only checks
that you own the capability CAP_SYS_ADMIN and if you have
MODIFY_SYSTEM_DATA in SCD_swap and ADD_TO_KERNEL rights in the
file/device to add. ADD_TO_KERNEL (and REMOVE_TO_KERNEL) to SCD_swap
is ignored isn't it?. I'm wrong thinking that the only right useful in
SCD type swap is MODIFY_SYSTEM_DATA?. I think that some others SCD has
the same isn't it?
More information about the rsbac
mailing list