role mode T

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

role mode T

Postby countermode » Mon Feb 10, 2014 7:48 pm

Hi, the wikibook says about role mode T:
This role has Trusted Path Execution (TPE) enabled.

Is this the same as subject mode T which says:
Deny execution of binaries or scripts that are writable by any other subject in the policy. This flag is evaluated at policy enable time. All binaries with execute permission that are writable by another subject (ignoring special roles) will be reported and the RBAC system will not allow itself to be enabled until the changes are made.

I've played with role mode T and it seems to be the same as for subject mode T for all subjects in this role.

Is that correct?

Posts: 27
Joined: Mon Sep 16, 2013 6:59 pm

Return to grsecurity support