[rsbac] Shall we put this initial script on handbook????

Javier Juan Martínez Cabezón tazok at rsbac.org
Thu Mar 23 18:39:32 CET 2017


On 23/03/17 08:34, Jens Kasten wrote:
> What do you think about using git to offer different branches for
> different setups? With everything I do manually, I will always forget something.
> 
> For example:
> rsbac-swich --branch gentoo-rsbac UM
> 
> affect
> /etc/pam.d
>   [nsswitch.conf is now a symlink to /etc/nsswitch.conf]
>   - gentoo-combat
>      system-auth [only set sufficient pam_rsbac.so]
>      nsswich.conf
>   - gentoo-rsbac
>      system-auth [only set require pam_rsbac.so, remove pam_unix.so]
>      nsswich.conf
> 
> Then branch name --gentoo prefix can extend to debian, fedora ...
> 
> 


I think this wouldn't be feasible. Too many boot systems (systemd,
sysvinit, openrc), too many daemons, too much software. Jens, you and I
would have to be slaves working 25 hours/day to be able to do it and to
maintain it. You would leave your cubietrucks orphaned and they would go
wild without your care.

I think a more elegant approach would be to think of an algorithm that
indicates to rc_learn where to create a new role or types, for example if
software X executes and, among others, has LISTEN requests, or to make new
types if the same role has write and execute rights to an object type.
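
The heuristic suggested in the message above, sketched as an added example (not code from the post and not part of RSBAC or rc_learn). The record layout, the role and type names and the sample data are constructed assumptions, not rc_learn's real input or output format.

```python
from collections import defaultdict

# Constructed learning records: (role, program, request, object_type, object).
# This layout is an assumption for illustration, not rc_learn's real format.
LEARNED = [
    ("general", "/usr/sbin/sshd", "LISTEN", "net_generic", "tcp:22"),
    ("general", "/usr/sbin/sshd", "READ", "etc_files", "/etc/ssh/sshd_config"),
    ("general", "/usr/bin/make", "WRITE", "home_files", "/home/dev/build/tool"),
    ("general", "/bin/bash", "EXECUTE", "home_files", "/home/dev/build/tool"),
    ("general", "/bin/bash", "EXECUTE", "home_files", "/home/dev/bin/run.sh"),
    ("general", "/usr/bin/vi", "WRITE", "home_files", "/home/dev/notes.txt"),
    ("general", "/bin/bash", "EXECUTE", "bin_files", "/bin/ls"),
]

def suggest_roles(records):
    """A program that issues LISTEN among its requests gets a dedicated role."""
    listeners = sorted({(role, prog) for role, prog, req, _, _ in records
                        if req == "LISTEN"})
    return [{"program": prog, "current_role": role,
             "new_role": "role_" + prog.rsplit("/", 1)[-1]}  # hypothetical naming
            for role, prog in listeners]

def suggest_type_splits(records):
    """If one role both writes and executes objects of one type, split that type."""
    seen = defaultdict(lambda: {"WRITE": set(), "EXECUTE": set()})
    for role, _, req, otype, obj in records:
        if req in ("WRITE", "EXECUTE"):
            seen[(role, otype)][req].add(obj)
    splits = []
    for (role, otype), reqs in sorted(seen.items()):
        if reqs["WRITE"] and reqs["EXECUTE"]:
            both = reqs["WRITE"] & reqs["EXECUTE"]
            splits.append({
                "role": role, "type": otype,
                "exec_only": sorted(reqs["EXECUTE"] - both),   # candidate exec type
                "write_only": sorted(reqs["WRITE"] - both),    # candidate data type
                "write_and_exec": sorted(both),                # needs manual review
            })
    return splits

if __name__ == "__main__":
    for suggestion in suggest_roles(LEARNED) + suggest_type_splits(LEARNED):
        print(suggestion)
```

Objects that are both written and executed by the same role cannot be assigned automatically to either new type, so the sketch reports them separately for a manual decision.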



