Re: c2 (or c2-like) auditing for Linux

From: Stephen D. Smalley (sdsat_private)
Date: Thu Jan 30 2003 - 07:46:25 PST

  • Next message: Casey Schaufler: "Re: c2 (or c2-like) auditing for Linux"

    > How can capabilities override MAC checks?  We have DAC_OVERRIDE capability but 
    > no MAC_OVERRIDE...
    I think that POSIX.1e defines capabilities for overriding MAC restrictions
    as well, although Linux doesn't presently define them.  However, SELinux 
    provides a better mechanism for this purpose, as I've discussed previously,
    Stephen Smalley, NSA
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Thu Jan 30 2003 - 07:39:28 PST