[rsbac] MAC: request MODIFY_SYSTEM_DATA, target NETDEV

Javier J. Martínez Cabezón tazok.id0 at gmail.com
Tue Jan 13 12:49:24 CET 2009


Is multiload-applet related to GNOME?

Why don't you grant it security_level 0 and a category of its own?
Keep in mind that MAC checks not only the security level but also
security_level[category], so if you set this to
security_level0[applet] it could be fine.

I don't think that setting it as trusted would be a good idea...
I don't think that granting a GNOME applet MODIFY_SYSTEM_DATA (I don't
use the MAC module yet, but I think that this does it: attr_set_fd MAC
DEV MODIFY_SYSTEM_DATA 1 /usr/lib/multiload-applet-2). Why not only
GET_STATUS_DATA?
Since MODIFY_SYSTEM_DATA is a write request, the *-property forces that
subject and object have the same clearance level. Keep it in mind.

2009/1/13 Gergely Lónyai <alephlg at gmail.com>:
> Hi,
>
> How to resolve this problem? My idea is wrong:
>
> attr_set_fd MAC DEV MODIFY_SYSTEM_DATA 1 /usr/lib/multiload-applet-2
> or
> attr_set_fd MAC FILE security_level 0 /usr/lib/multiload-applet-2
> or
> mac_set_trusted FILE add "/usr/lib/multiload-applet-2" 1000
> or
> Settings /usr/lib/multiload-applet-2 with rsbac_fd_menu.
> The multiload-applet-2 is the "bad guy"?
>
> 0005753827|rsbac_adf_request(): request MODIFY_SYSTEM_DATA, pid 3714, ppid 1, prog_name multiload-apple, prog_file /usr/lib/multiload-applet-2, uid 1000, audit uid 1000, target_type NETDEV, tid  }��, attr none, value none, result NOT_GRANTED (Softmode) by MAC
> 0005753828|rsbac_adf_request(): request GET_STATUS_DATA, pid 3714, ppid 1, prog_name multiload-apple, prog_file /usr/lib/multiload-applet-2, uid 1000, audit uid 1000, target_type NETDEV, tid eth0, attr none, value none, result GRANTED (Softmode) by RC ACL
> 0005753829|rsbac_adf_request(): request GET_STATUS_DATA, pid 3714, ppid 1, prog_name multiload-apple, prog_file /usr/lib/multiload-applet-2, uid 1000, audit uid 1000, target_type NETDEV, tid eth0, attr none, value none, result GRANTED (Softmode) by RC ACL
> 0005753830|rsbac_adf_request(): request GET_STATUS_DATA, pid 3714, ppid 1, prog_name multiload-apple, prog_file /usr/lib/multiload-applet-2, uid 1000, audit uid 1000, target_type NETDEV, tid eth0, attr none, value none, result GRANTED (Softmode) by RC ACL
> 0005753831|rsbac_adf_request(): request GET_STATUS_DATA, pid 3714, ppid 1, prog_name multiload-apple, prog_file /usr/lib/multiload-applet-2, uid 1000, audit uid 1000, target_type NETDEV, tid eth0, attr none, value none, result GRANTED (Softmode) by RC ACL
> 0005753883|rsbac_adf_request(): request GET_STATUS_DATA, pid 2351, ppid 1, prog_name ifplugd, prog_file /sbin/ifplugd, uid 0, target_type NETDEV, tid eth0, attr none, value none, result GRANTED (Softmode) by RC ACL
>
>
> Aleph
> _______________________________________________
> rsbac mailing list
> rsbac at rsbac.org
> http://www.rsbac.org/mailman/listinfo/rsbac
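
Added example, not part of the original thread and not RSBAC project code: a small parser for rsbac_adf_request() audit lines in the format quoted above, which counts NOT_GRANTED results per program, request, target type and the module named after "by", so softmode denials can be reviewed before granting anything. The sample lines are constructed, and treating "audit uid" and "(Softmode)" as optional fields is an assumption.

```python
import re
from collections import Counter

# Field layout taken from the rsbac_adf_request() lines quoted in this thread.
# "audit uid" and "(Softmode)" are treated as optional (assumption).
LINE_RE = re.compile(
    r"^(?:>\s*)?(?P<seq>\d+)\|rsbac_adf_request\(\): request (?P<request>\w+), "
    r"pid (?P<pid>\d+), ppid \d+, prog_name (?P<prog_name>.+?), "
    r"prog_file (?P<prog_file>\S+), uid (?P<uid>\d+), (?:audit uid \d+, )?"
    r"target_type (?P<target_type>\w+), tid (?P<tid>.*?), attr .*?, value .*?, "
    r"result (?P<result>\w+)(?P<softmode> \(Softmode\))? by (?P<modules>.+)$"
)

def parse_line(line):
    """Return the fields of one audit line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["softmode"] = rec["softmode"] is not None
    rec["modules"] = rec["modules"].split()  # e.g. "RC ACL" -> ["RC", "ACL"]
    return rec

def summarize_denials(lines):
    """Count NOT_GRANTED results per (prog_file, request, target_type, module)."""
    counts = Counter()
    for rec in filter(None, map(parse_line, lines)):
        if rec["result"] == "NOT_GRANTED":
            for module in rec["modules"]:
                key = (rec["prog_file"], rec["request"], rec["target_type"], module)
                counts[key] += 1
    return counts

# Constructed sample lines in the same format (not copied from a real system).
APPLET = ("prog_name multiload-apple, prog_file /usr/lib/multiload-applet-2, "
          "uid 1000, audit uid 1000")
TAIL = "target_type NETDEV, tid eth0, attr none, value none, result"
SAMPLE = [
    f"0000000101|rsbac_adf_request(): request MODIFY_SYSTEM_DATA, pid 3714, ppid 1, {APPLET}, {TAIL} NOT_GRANTED (Softmode) by MAC",
    f"0000000102|rsbac_adf_request(): request GET_STATUS_DATA, pid 3714, ppid 1, {APPLET}, {TAIL} GRANTED (Softmode) by RC ACL",
    f"> 0000000103|rsbac_adf_request(): request MODIFY_SYSTEM_DATA, pid 3714, ppid 1, {APPLET}, {TAIL} NOT_GRANTED (Softmode) by MAC",
    f"0000000104|rsbac_adf_request(): request GET_STATUS_DATA, pid 2351, ppid 1, prog_name ifplugd, prog_file /sbin/ifplugd, uid 0, {TAIL} GRANTED (Softmode) by RC ACL",
]

if __name__ == "__main__":
    for key, n in summarize_denials(SAMPLE).items():
        print(n, *key)
```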

