Re: c2 (or c2-like) auditing for Linux

From: Stephen D. Smalley (sdsat_private)
Date: Thu Jan 30 2003 - 07:46:25 PST

    > How can capabilities override MAC checks?  We have DAC_OVERRIDE capability but 
    > no MAC_OVERRIDE...
    
    I think that POSIX.1e defines capabilities for overriding MAC restrictions
    as well, although Linux doesn't presently define them.  However, SELinux 
    provides a better mechanism for this purpose, as I've discussed previously,
    http://marc.theaimsgroup.com/?l=selinux&m=97922666422991&w=2.
    
    --
    Stephen Smalley, NSA
    sdsat_private
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    


