[rsbac] Decision Module in Userspace

Jens Kasten igraltist at rsbac.org
Sun Jun 5 17:12:01 CEST 2011


Hi,

a point about your Django framework.
Why should one not use RSBAC to secure the web framework?
As far as I understand, I would not need an additional module in
userspace for daily use.
I would analyse what files and directories are directly affected by the,
if Django runs under its own user, and start to build RC-Roles and
RC-Types. Then a Nettemplate and other small things.
Now, why should I build RC-Roles before, so that a userspace software
again gets an RC-Role to obtain its limitation?
If I would lift the decision up to userspace, so that a software can
ask if the subject has the correct rights to the object, the data has to
be protected by what? If the data must be stored again in the main
place, rsbac.dat in every mountpoint, then there is no reason to build
more software to lift the decision up to userspace.


Regards
Jens




On Sunday, 05.06.2011, at 17:44 +0500, Shaz wrote:
> Dear all,
> 
> Can a decision module be implemented in userspace? Certain high level
> software components should not depend on legacy kernel as this impacts the
> overall performance of the system. RSBAC being a framework could be extended
> but not sure whether there is any work already done to do this. For instance
> if I want a web framework (e.g. Django) to use RSBAC's security then it
> would not be a good idea to use the in-kernel decision modules.
> 
> We can also say that such enforcement requirements should be dealt with
> irrespective of rsbac and secured by the kernel based modules. Such general
> frameworks for access control are usually not available to the userspace
> unless using an application framework with such implementations. Some
> clarity of thought required here.
> 
> Thanks.
> 



