[rsbac] CLOSE request not checked in RC
Amon Ott
ao at rsbac.org
Tue Jan 20 09:04:54 CET 2009
On Tuesday 20 January 2009 wrote Javier J. Martínez Cabezón:
> And if added one #If define ((CONFIG_RSBAC_RC_CHECK_CLOSE) that if
> defined get all checks made returning DON'T CARE if not?. You could
> put in the help that CLOSE should always get granted to avoid bad
> software behaviour. At this way not behaviour is changed,
> CONFIG_RSBAC_RC_CHECK_CLOSE could be put as highly experimental. To
Good proposal. I have added the option RSBAC_ENFORCE_CLOSE to Other Options
and CLOSE checks to RC. All tested here and committed to svn.
The check is always done, but the enforcement (return -EPERM) only with this
switch on. After some more testing we might even default it to on, because it
is more logical and the default settings have always included CLOSE.
Have fun with it...
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac
mailing list