[rsbac] About insmod - lkm
Amon Ott
ao at rsbac.org
Thu Mar 6 09:08:22 MET 2003
On Thursday 06 March 2003 02:39, Áõ¸ï·Ç wrote:
> That means, deprive root of ADD_TO_KERNEL privilege by means of RC,and
then protect the /lib/modules/* from writing by MAC with only read
authorization to insmod ,modprobe, rmmod to that DIR by RC?
Right.
> Does the ADD_TO_KERNEL in RC take effect in rsbac 1.1.2 or does RSBAC
change much in RC in 1.2?
No, not much in this respect. The major RC changes are that in 1.2.0ff the
number of roles and types is (almost) unlimited and that there is full
network control support.
Internally, things have changed a lot, though. You might well consider to
upgrade.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac
mailing list