[rsbac] About SCD T_swap.

Amon Ott ao at rsbac.org
Mon Jan 12 15:26:28 CET 2009

Am Sünndag 11 Januor 2009 schrieb Javier J. Martínez Cabezón:
> Hi all, while looking some code of 1.3.7 rsbac version (swapfile.c)
> when you add one partition/file with swapon and swapoff it only checks
> that you own the capability CAP_SYS_ADMIN and if you have
> MODIFY_SYSTEM_DATA in SCD_swap and ADD_TO_KERNEL rights in the
> file/device to add. ADD_TO_KERNEL (and REMOVE_TO_KERNEL) to SCD_swap
> is ignored isn't it?. I'm wrong thinking that the only right useful in
> SCD type swap is MODIFY_SYSTEM_DATA?. I think that some others SCD has
> the same isn't it?

Most SCD targets only have checks for GET_STATUS_DATA (read) and 
MODIFY_SYSTEM_DATA (write settings). The special case is SCD other, which is 
used by some models (RC, ACL) to control access to NONE targets.

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

More information about the rsbac mailing list