documentation:rsbac_handbook:appendixes:rsbac_reference:kernel_parameters
Releases
Current version
Git/Latestdiff: 1.5.6
Latest Snapshots
Produced after each commit or rebase to new upstream version
GIT
RSBAC source code, can be unstable sometimes
Events
No events planned
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
documentation:rsbac_handbook:appendixes:rsbac_reference:kernel_parameters [2008/01/28 11:15] 127.0.0.1 (old revision restored) |
documentation:rsbac_handbook:appendixes:rsbac_reference:kernel_parameters [2009/11/12 12:30] 127.0.0.1 (old revision restored) |
||
|---|---|---|---|
| Line 11: | Line 11: | ||
| * rsbac_fd_cache_disable: Disable FD cache for this uptime | * rsbac_fd_cache_disable: Disable FD cache for this uptime | ||
| - | ==== Softmode and Freezing ==== | + | |
| + | ==== Softmode, Freezing and Module Switching ==== | ||
| * rsbac_softmode (only, if enabled on kernel config): switch to global softmode | * rsbac_softmode (only, if enabled on kernel config): switch to global softmode | ||
| * rsbac_softmode_once (only, if enabled on kernel config): switch to global softmode and disallow to switch it on again later | * rsbac_softmode_once (only, if enabled on kernel config): switch to global softmode and disallow to switch it on again later | ||
| * rsbac_softmode_never (only, if softmode enabled on kernel config): disallow to switch global softmode on during this runtime | * rsbac_softmode_never (only, if softmode enabled on kernel config): disallow to switch global softmode on during this runtime | ||
| - | * rsbac_softmode_<mod> (module name in lowercase, e.g. rc, only if enabled): switch individual model softmode to on | + | * rsbac_softmode_<mod> (module name in lowercase, e.g. rc, only if enabled): switch individual module softmode to on |
| + | * rsbac_switch_off_<mod> (module name in lowercase, e.g. rc, only if switching off is enabled in kernel config): switch individual module off | ||
| * rsbac_freeze (only, if enabled in kernel config): Disallow RSBAC administration for this runtime. Freezing does not depend on softmode, it always works. | * rsbac_freeze (only, if enabled in kernel config): Disallow RSBAC administration for this runtime. Freezing does not depend on softmode, it always works. | ||
| + | |||
| ==== Module Specific ==== | ==== Module Specific ==== | ||
| * rsbac_auth_enable_login: Sets auth_may_setuid for /bin/login, if AUTH module is on. A good emergency helper, if you cannot login anymore. | * rsbac_auth_enable_login: Sets auth_may_setuid for /bin/login, if AUTH module is on. A good emergency helper, if you cannot login anymore. | ||
| * rsbac_auth_learn (only, if enabled in kernel config): enable AUTH learning mode, where AUTH module adds all missing capabilities automatically instead of denying the request. | * rsbac_auth_learn (only, if enabled in kernel config): enable AUTH learning mode, where AUTH module adds all missing capabilities automatically instead of denying the request. | ||
| + | * rsbac_rc_learn (only, if enabled in kernel config): enable RC learning mode, where RC module adds all missing rights automatically instead of denying the request. | ||
| * rsbac_acl_learn and rsbac_acl_learn_fd (only, if enabled in kernel config): enable ACL learning mode for user rights to filesystem objects | * rsbac_acl_learn and rsbac_acl_learn_fd (only, if enabled in kernel config): enable ACL learning mode for user rights to filesystem objects | ||
| * rsbac_um_no_excl: Disable exlusive user management for this uptime. | * rsbac_um_no_excl: Disable exlusive user management for this uptime. | ||
| Line 26: | Line 30: | ||
| * rsbac_cap_process_hiding: process hiding | * rsbac_cap_process_hiding: process hiding | ||
| * rsbac_cap_log_missing: Log all failed calls to capable() for caps, which are not in the CAP user or program max_caps set. Use to see which caps should be added to make a program work. | * rsbac_cap_log_missing: Log all failed calls to capable() for caps, which are not in the CAP user or program max_caps set. Use to see which caps should be added to make a program work. | ||
| + | * rsbac_cap_learn (only, if enabled in kernel config): enable CAP learning mode, where CAP module adds all missing capabilities to max_caps of user and program automatically instead of denying the request. | ||
| * rsbac_jail_log_missing (new in 1.2.5): Log all failed calls to capable() for caps, which are not in the JAIL call max_caps parameter. Use to see which caps should be added to make a program work. | * rsbac_jail_log_missing (new in 1.2.5): Log all failed calls to capable() for caps, which are not in the JAIL call max_caps parameter. Use to see which caps should be added to make a program work. | ||
documentation/rsbac_handbook/appendixes/rsbac_reference/kernel_parameters.txt · Last modified: 2009/11/12 14:22 by 127.0.0.1