[rsbac] RC learning mode, automatic role generations

Javier Juan Martínez Cabezón tazok.id0 at gmail.com
Mon Mar 7 16:15:51 CET 2011


Hi, would it be useful (and hard to implement) to make an rc_learning mode
that creates its own roles and types?

I think that almost every time, an execution that follows a change owner to a
user (group) target (as happens with daemons that drop privileges) should
always be isolated in its own role (one for the privileged role and another
one for the dropped one); maybe this could be one nice way to tell learning
mode "here you have to create a role". About the types, it could be more
tricky, since a lot of roles can access the same types, but learning mode
could create the types indicated for the ones that belong to the general_type
ones (0), only granting privileges to the other "manually created" ones.

This way I think we could make a more reliable learning mode, and a bit
more secure one, since we make learning mode more of a "least privilege" approach.

What do you think?

