non-user/group based roles?

Submit your RBAC policies or suggest policy improvements

Moderators: spender, PaX Team

non-user/group based roles?

Postby ucntcme » Thu Dec 28, 2006 4:31 am

Couldn't think of a *good* short subject. Here is what I am after, hope it is in the right forum.

I want the ability to specify a list of program/*sum[1] pairs that are allowed to be executed on the system. Anything not on the list or not possessing the correct *sum will not be permitted to run, period.

Other policies can sit "on top" and grant access to any app that meets the above conditions as normal, but should not be able to grant access to apps that do not meet "the Prime Condition" as it were.

Is this something that can be done with the existing grsecurity capabilities? If not is this in the works or any interest in such a capability?

Cheers,
Bill


1) md5sum or sha*sum or checksum for example.
ucntcme
 
Posts: 1
Joined: Wed Dec 27, 2006 7:36 pm

Return to RBAC policy development

cron