documentation:faq
Releases
Current version
Git/Latestdiff: 1.5.6
Latest Snapshots
Produced after each commit or rebase to new upstream version
GIT
RSBAC source code, can be unstable sometimes
Events
No events planned
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
documentation:faq [2006/05/29 14:17] michal |
documentation:faq [2006/06/13 16:10] michal |
||
|---|---|---|---|
| Line 8: | Line 8: | ||
| == Is there any support for permissions revocation in RSBAC? == | == Is there any support for permissions revocation in RSBAC? == | ||
| Permission revocation is sometimes considered as part of every MAC system. We do not implement support for revocation for a number of reasons. What we do is fine grained access control instead of revocation. For example, a file stays opened, but you cannot read or write any more. Also implementing revocation would be an very ugly thing and possibly would harm data consistency. | Permission revocation is sometimes considered as part of every MAC system. We do not implement support for revocation for a number of reasons. What we do is fine grained access control instead of revocation. For example, a file stays opened, but you cannot read or write any more. Also implementing revocation would be an very ugly thing and possibly would harm data consistency. | ||
| + | |||
| + | == What about cover channels? == | ||
| + | We're trying to deal with them as much as possible - even if there will always be some possible to find. It's a more work than just for a MAC system - would require rewriting a large parts of operating system and (for better) results even preparing ready to use machines (selected OS+improvments on a specific hardware). The problem is - covert channels are just every possible paths where uncontrolled information might be passed. Althought we control IPC and similar mechanisms covert channels are hardly possible to avid - think about limitting transsmision rate as a way to pass information, timing attacks... | ||
| == What will happen if TTL for AUTH capability will time out in a middle of administration work? Will user be disconnected? == | == What will happen if TTL for AUTH capability will time out in a middle of administration work? Will user be disconnected? == | ||
| Line 31: | Line 34: | ||
| On some Linux distributions, this path is not in the default settings. | On some Linux distributions, this path is not in the default settings. | ||
| Edit "/etc/ld.so.conf" and add a line "/usr/local/lib", then save and run the "ldconfig" command. | Edit "/etc/ld.so.conf" and add a line "/usr/local/lib", then save and run the "ldconfig" command. | ||
| + | |||
| + | == Do you provide RSBAC + Xen/Vserver patches? == | ||
| + | Look at [[Internal Link]] | ||
documentation/faq.txt · Last modified: 2006/06/13 16:34 by michal