[rsbac] About SCD T_swap.

Amon Ott ao at rsbac.org
Mon Jan 12 15:26:28 CET 2009


On Sunday, 11 January 2009, Javier J. Martínez Cabezón wrote:
> Hi all, while looking at some code of the 1.3.7 RSBAC version (swapfile.c):
> when you add a partition/file with swapon and swapoff, it only checks
> that you own the capability CAP_SYS_ADMIN and whether you have
> MODIFY_SYSTEM_DATA in SCD_swap and ADD_TO_KERNEL rights on the
> file/device to add. ADD_TO_KERNEL (and REMOVE_TO_KERNEL) to SCD_swap
> is ignored, isn't it? Am I wrong in thinking that the only useful right in
> SCD type swap is MODIFY_SYSTEM_DATA? I think that some other SCDs have
> the same, isn't it?

Most SCD targets only have checks for GET_STATUS_DATA (read) and 
MODIFY_SYSTEM_DATA (write settings). The special case is SCD other, which is 
used by some models (RC, ACL) to control access to NONE targets.

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

