[rsbac] Mac role functions
Chirag Pandya
searchformehere at yahoo.com
Thu Oct 16 12:50:19 MEST 2003
Root's MAC settings are as follows:
MAX level = 16
Initial level = 8
Min level = 0
Mac role = 2 (administrator)
user flag = 16 (read up)
attr_set_file_dir is set to 555.
On a file (sitting in root's home dir as root) I can
do:
attr_set_file_dir MAC FILE xxx mac_prop_trusted 1
attr_set_file_dir MAC FILE xxx mac_file_flags 36
(or any combination of file flags)
But I can't do
attr_set_file_dir -a MAC FILE xxx security_level 8
attr_set_file_dir MAC FILE xxx mac_trusted_for_user
400
attr_set_file_dir MAC FILE xxx mac_auto 1
ERROR: wrong_mac_role
I believe root shouldn't be able to set any MAC
attributes.
Is my MAC understanding wrong? Any suggestions?
Regards,
Chirag
__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com
More information about the rsbac
mailing list