RBAC feature request: nested define{}'s

Discuss and suggest new grsecurity features

Moderators: spender, PaX Team

RBAC feature request: nested define{}'s

Postby Undine » Fri Sep 23, 2011 8:43 am

Sorry if it was asked before, but will be nice if we would have nested define {} blocks?
An example:
Code: Select all
define foonx {
/           h
/usr        r
}

define foo {
$foonx
/usr/bin    rx
/usr/lib    rx
}

define bar {
$grsec_denied
$foo
/bin        rx
/etc        r
/dev        r
/dev/null   rw
/tmp        rwcd
}

Or, if not, please explain why?
Thanks.
Undine
 
Posts: 46
Joined: Thu Sep 08, 2011 7:08 am

Return to grsecurity development

cron