[rsbac] Linux DAC disable

Paweł Bylina pako at cc-team.org
Mon Oct 10 10:45:50 CEST 2005


Hi!

	I have one problem with Linux DAC Disable: it doesn't work in
normal and softmode. Even when I enable CONFIG_RSBAC_ALLOW_DAC_DISABLE_FULL,
it still doesn't work. In /proc/rsbac-info/debug I don't have a
linux_dac_disable registry, so what am I doing wrong?

secoff@debian-selinux:~$ attr_get_file_dir FD /home linux_dac_disable
1
secoff@debian-selinux:~$ ls -la /home | head -2
total 52
drwxrwsr-x   6 root    root  4096 Oct 10 00:44 ./
secoff@debian-selinux:~$ cat /proc/rsbac-info/debug | grep softmode
rsbac_softmode is 0
rsbac_softmode_prohibit is 0
rsbac_ind_softmode[FC] is 0
rsbac_ind_softmode[PM] is 0
rsbac_ind_softmode[FF] is 0
rsbac_ind_softmode[RC] is 0
rsbac_ind_softmode[AUTH] is 0
rsbac_ind_softmode[REG] is 0
rsbac_ind_softmode[ACL] is 0
rsbac_ind_softmode[CAP] is 0
rsbac_ind_softmode[JAIL] is 0
rsbac_ind_softmode[RES] is 0
secoff@debian-selinux:~$ touch /home/create_me
touch: cannot touch `/home/create_me': Permission denied
secoff@debian-selinux:~$ id
uid=222(secoff) gid=100(users)
secoff@debian-selinux:~$ grep -i dac /usr/src/linux-2.6.11/.config
# CONFIG_RSBAC_AUTH_DAC_OWNER is not set
CONFIG_RSBAC_ALLOW_DAC_DISABLE=y
CONFIG_RSBAC_ALLOW_DAC_DISABLE_FULL=y
CONFIG_RSBAC_ALLOW_DAC_DISABLE_PART=y
CONFIG_RSBAC_DAC_OWNER=y
CONFIG_RSBAC_DAC_GROUP=y
secoff@debian-selinux:~$

