Releases

Current version
Git/Latestdiff: 1.5.6

Latest Snapshots
Produced after each commit or rebase to new upstream version

GIT
RSBAC source code, can be unstable sometimes

Events

No events planned

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

--- wiki:experiences:igraltist:rc_old [2010/02/25 19:50]
127.0.0.1 (old revision restored)
+++ wiki:experiences:igraltist:rc_old [2011/09/11 19:37]
127.0.0.1 (old revision restored)
@@ Line 26: / Line 26: @@
 This is surly the case for the init process.
 So thatswhy this setup firstly.
@@ Line 37: / Line 40: @@
 set a rc-role named ``Init`` as initial-role on ``/sbin/init``.
-  rc_set_item ROLE 4 name "Init"
+see setup:
+[[rc#rc_role_for_init_process|RC role for init process]]
+  rc_set_item ROpLE 4 name "Init"
   attr_set_file_dir FILE "/sbin/init" rc_initial_role 4
@@ Line 83: / Line 89: @@
 Need access to ``rc_type_fd 5`` which assigned to ``/var/run``.
   rc_set_item ROLE 4 type_comp_fd 5 CHANGE_OWNER CHDIR CLOSE CREATE GET_PERMISSIONS_DATA GET_STATUS_DATA MODIFY_PERMISSIONS_DATA READ READ_WRITE_OPEN READ_OPEN SEARCH TRUNCATE WRITE WRITE_OPEN LOCK
@@ Line 118: / Line 125: @@
+==== Example for an unprileged user ====
+== User with uid 1000 ==
+Iam creating a RC role ``Jens`` and ``rc_types``, and assign them to the user with ``uid 1000``.
+  rc_set_item ROLE 1000 name "Jens"
+  rc_set_item TYPE 1000 type_fd_name "Jens_FD"
+  rc_set_item TYPE 1000 type_fdsd_name "Jens_FDSD"
+  rc_set_item TYPE 1000 type_dev_name "Jens_DEV"
+  rc_set_item TYPE 1000 type_user_name "Jens_USER"
+  rc_set_item TYPE 1000 type_group_name "Jens_GROUP"
+  rc_set_item TYPE 1000 type_process_name "Jens_PROCESS"
+  rc_set_item TYPE 1000 type_ipc_name "Jens_IPC"
+  rc_set_item TYPE 1000 type_netdev_name "Jens_NETDEV"
+  rc_set_item TYPE 1000 type_nettemp_name "Jens_NETTEMP"
+  rc_set_item TYPE 1000 type_netobj_name "Jens_NETOBJ"
+  rc_set_item ROLE 1000 def_fd_create_type 1000
+  rc_set_item ROLE 1000 def_fd_ind_create_type 1000 1000
+  rc_set_item ROLE 1000 def_user_create_type 1000
+  rc_set_item ROLE 1000 def_process_create_type 1000
+  rc_set_item ROLE 1000 def_process_chown_type 1000
+  rc_set_item ROLE 1000 def_process_execute_type 1000
+  rc_set_item ROLE 1000 def_ipc_create_type 1000
+  rc_set_item ROLE 1000 def_group_create_type 1000
+  rc_set_item ROLE 1000 def_unixsock_create_type 1000
+  attr_set_user jens rc_def_role 1000
+  attr_set_user jens rc_type 1000
+  attr_set_file_dir DIR "/home/jens" rc_type_fd 1000
+Policy for RC role ``Jens``(1000):
+  rc_set_item ROLE 1000 type_comp_fd 1000 APPEND_OPEN CHDIR CLOSE CREATE DELETE EXECUTE GET_STATUS_DATA MODIFY_ACCESS_DATA READ READ_WRITE_OPEN READ_OPEN SEARCH TRUNCATE WRITE WRITE_OPEN MAP_EXEC
+  rc_set_item ROLE 1000 type_comp_user 1000 GET_STATUS_DATA SEARCH
+  rc_set_item ROLE 1000 type_comp_ipc 1000 CLOSE CREATE READ WRITE
+  rc_set_item ROLE 1000 type_comp_process 1000 CREATE MODIFY_SYSTEM_DATA
+  rc_set_item ROLE 1000 type_comp_dev 0 CLOSE GET_PERMISSIONS_DATA GET_STATUS_DATA MODIFY_PERMISSIONS_DATA READ READ_WRITE_OPEN READ_OPEN WRITE WRITE_OPEN IOCTL
+  rc_set_item ROLE 1000 type_comp_fd 0 CHDIR CLOSE EXECUTE GET_PERMISSIONS_DATA GET_STATUS_DATA READ READ_OPEN SEARCH WRITE MAP_EXEC LOCK
+  rc_set_item ROLE 1000 type_comp_ipc 0 CLOSE READ
+  rc_set_item ROLE 1000 type_comp_process 0 MODIFY_SYSTEM_DATA
+When this user should allow to login on tty also, then Policy for RC role [[wiki:experiences/igraltist/rc/login#Local Login|``Login``]] have to extend for for RC role ``Jens``(1000).
+  rc_set_item ROLE 5 type_comp_user 1000 CHANGE_OWNER GET_STATUS_DATA SEARCH CHANGE_AUTHED_OWNER

//