[rsbac] Decision Module in Userspace

Shaz shazalive at gmail.com
Sun Jun 5 17:31:36 CEST 2011

On Sun, Jun 5, 2011 at 8:12 PM, Jens Kasten <igraltist at rsbac.org> wrote:

> Hi,
> a point to your Django framework.
> Why should not use RSBAC to secure the webframe work?
> So far I understand, I would not need for daily use and additional
> module in userspace.
> I would analyse what files and directories are directly affected by the,
> if Django runs under his own user, and start to build RC-Roles and
> RC-Types. Than a Nettemplate and other small thinks.
> Now, why I should build RC-Roles befor, so that a userspace software get
> again a RC-Role to obtain his limitation?
> When I would lift up the decision to userspace, so that a software can
> ask if the subject has the correct rights to the object the data have to
> protect by what? If data must store again in the main place, rsbac.dat
> in every mountpoint, so no reason to build more software to lift up the
> decision to userspace.
What if we are thinking inside Django and the objects of Django not looking
at Django from outside. Not the resources at the kernel/os point of view.

Another example would be the elements of Django in the file and not just the
file. Granularity with respect to Django.


Shahbaz Khan
R&D Engineer,
Tactical Engineering and Consultancy.


More information about the rsbac mailing list