documentation:faq
=>  Releases

Current version
Git/Latestdiff: 1.5.6

Latest Snapshots
Produced after each commit or rebase to new upstream version

GIT
RSBAC source code, can be unstable sometimes

=>  Events

No events planned

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
documentation:faq [2006/06/13 16:11]
michal
documentation:faq [2006/06/13 16:34]
michal
Line 1: Line 1:
-_-TS RSBAC FAQ TE-_ 
  
-\\  
-\\  
-\\  
-\\  
- 
-== Is there any support for permissions revocation in RSBAC? == 
-Permission revocation is sometimes considered as part of every MAC system. We do not implement support for revocation for a number of reasons. What we do is fine grained access control instead of revocation. For example, a file stays opened, but you cannot read or write any more. Also implementing revocation would be an very ugly thing and possibly would harm data consistency. 
- 
-== What about cover channels? == 
-We're trying to deal with them as much as possible - even if there will always be some possible to find. It's a more work than just for a MAC system - would require rewriting a large parts of operating system and (for better) results even preparing ready to use machines (selected OS+improvments on a specific hardware). The problem is - covert channels are just every possible paths where uncontrolled information might be passed. Althought we control IPC and similar mechanisms covert channels are hardly possible to avid - think about limitting transsmision rate as a way to pass information,​ timing attacks... 
- 
-== What will happen if TTL for AUTH capability will time out in a middle of administration work? Will user be disconnected?​ == 
-No, once you log in and TTL goes out, you won't be disconnected. Login application (be it /sbin/login or sshd) just will not be allowed to setuid(gid) any more to subject uid - hence that user won't log in. 
- 
-== What will happen if RC (or ACL) compatibility right will time out? == 
-Access will be immidiatelly denied - what's going to happen depends on right one is going to be denied. Say, when a READ right will time out on a FILE target, one won't be able to read from a file even more. Look also at question about permission revocation. 
- 
-== When using the "​rsbac_menu"​ command I get an error: "​dialog:​ command not found == 
-Make sure you have the dialog package installed from your distribution. 
- 
-See http://​hightek.org/​dialog/​ 
- 
-== My "​Help"​ button does not work in rsbac menu based commands == 
-Dialog tool is known to have broken the original support for this feature. 
-You can use a version supporting this feature here: 
- 
-http://​download.rsbac.org/​dialog/​ 
- 
-== When using RSBAC commands I get: librsbac.so.xxx:​ cannot open shared object file: No such file                                 or directory == 
-Make sure RSBAC libs are installed. If you installed manually, they are probably in /​usr/​local/​lib. 
- 
-On some Linux distributions,​ this path is not in the default settings. 
-Edit "/​etc/​ld.so.conf"​ and add a line "/​usr/​local/​lib",​ then save and run the "​ldconfig"​ command. 
- 
-== Do you provide RSBAC + Xen/Vserver patches? == 
-Look at [[http://​www.rsbac.org/​team/​michal/​virtualization]] 
//
documentation/faq.txt · Last modified: 2006/06/13 16:34 by michal

documentation/faq.txt · Last modified: 2006/06/13 16:34 by michal
This website is kindly hosted by m-privacy