[rsbac] About SCD T_swap.
Michał Purzyński
michal at rsbac.org
Mon Jan 12 10:22:11 CET 2009
This way we can control two things - if the current user/role has
rights to change swap settings and also which files or devices can be
used as swap.
On Jan 11, 2009, at 12:48 AM, Javier J. Martínez Cabezón <tazok.id0 at gmail.c
om> wrote:
> Hi all, while looking some code of 1.3.7 rsbac version (swapfile.c)
> when you add one partition/file with swapon and swapoff it only checks
> that you own the capability CAP_SYS_ADMIN and if you have
> MODIFY_SYSTEM_DATA in SCD_swap and ADD_TO_KERNEL rights in the
> file/device to add. ADD_TO_KERNEL (and REMOVE_TO_KERNEL) to SCD_swap
> is ignored isn't it?. I'm wrong thinking that the only right useful in
> SCD type swap is MODIFY_SYSTEM_DATA?. I think that some others SCD has
> the same isn't it?
> _______________________________________________
> rsbac mailing list
> rsbac at rsbac.org
> http://www.rsbac.org/mailman/listinfo/rsbac
More information about the rsbac
mailing list