[rsbac] (no subject)
Amon Ott
rsbac@rsbac.org
Fri May 3 16:40:02 2002
On Friday, 3. May 2002 10:26, Martin Tomasek wrote:
> Amon, why have all /proc/$pid/fd directories greater rights with rsbac?
> You have written in linux-2.4.18/fs/proc/base.c:
> + #ifdef CONFIG_RSBAC
> + /* allow read, execute for group, others for administration */
> + E(PROC_PID_FD, "fd", S_IFDIR|S_IRUGO|S_IXUGO),
> + #else
> E(PROC_PID_FD, "fd", S_IFDIR|S_IRUSR|S_IXUSR),
> + #endif
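Review bot: the CONFIG_RSBAC branch of the PROC_PID_FD entry widens the "fd" directory mode from S_IRUSR|S_IXUSR to S_IRUGO|S_IXUGO, so every process's fd directory carries read and search bits for group and others, not just for the administrator the comment mentions. Suggest keeping S_IFDIR|S_IRUSR|S_IXUSR in both branches and granting the administrative role access through an explicit access decision instead of the mode bits. If the wider mode has to stay, the comment should say which administrative task needs it, so the exception can be dropped once that task no longer does.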
Thanks for telling, this is a left-over from the old network access control
implementation. Secoff needed access to the socket names for IPC
administration. Removed in my tree.
Amon.
--
http://www.rsbac.org