k3b and grsec

Submit your RBAC policies or suggest policy improvements

Moderators: spender, PaX Team

k3b and grsec

Postby rueryudpgfoisd » Sat May 08, 2004 7:00 am

I just compiled successfully a 2.4.26-grsec kernel.

I selected the low security level, and I defined the ACL :

role admin sA
subject / r
/ rwcdmxi

role default
subject / {
/ h
-CAP_ALL
connect disabled
bind disabled
}

role root uG
role_transitions admin
subject / {
/ rwxcdmi
+CAP_ALL
}

role user u
subject / {
/ rwxcd
+CAP_ALL
}


I noticed that k3b application did not recognize my burner (with a 2.4 kernel non grsec, it did) when launched as user whereas it did when lauchned as root.
so i changed the rights of the user named "user" :

role admin sA
subject / r
/ rwcdmxi

role default
subject / {
/ h
-CAP_ALL
connect disabled
bind disabled
}

role root uG
role_transitions admin
subject / {
/ rwxcdmi
+CAP_ALL
}

role user u
subject / {
/ rwxcdmi
+CAP_ALL
}


the burner is still not recognized when lauchned as user... whereas it is when lauchned as root.

Did I miss something on the rules ?
The only thing I see is that an other user different from root and different from "user" is used...

I will use the auto-learning procedure and I will keep you informed
rueryudpgfoisd
 
Posts: 1
Joined: Sat May 08, 2004 6:47 am

Return to RBAC policy development