On Thu, 2003-08-21 at 14:40, Brian Pontz wrote:
> I have a bunch of directories all owned by the same
> uid and all the same perms.
>
> /home/users/web/user1
> /home/users/web/user2
>
> Is there a way to audit execs with LSM so that files
> in /home/users/web/user1/* can be exec'd but
> /home/users/web/users2/* can not be?
> I was thinking along the lines of having a hash and
> every time a file is exec'd I would check the hash and
> see if the directory was in the hash.

You can use one of the existing access control modules (DTE, SELinux, ...) to achieve this goal; just assign different security types to the directories and their files and then define your security policy configuration accordingly.

--
Stephen Smalley <sdsat_private>
National Security Agency

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Aug 21 2003 - 11:58:52 PDT
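
The approach described in the reply above, sketched as an added example in current SELinux loadable-module syntax (not part of the original thread, and not the policy syntax in use in 2003). The type names web_user1_t and web_user2_t, the module name, and the domain webuser_t that the users' processes are assumed to run in are hypothetical; the ":s0" level assumes an MLS/MCS-enabled policy.

```selinux
# ---- webdirs.te (type enforcement) ----
module webdirs 1.0;

require {
    attribute file_type;
    type webuser_t;   # hypothetical: existing domain of the users' processes
    class dir  { getattr search open read };
    class file { getattr open read map execute execute_no_trans };
}

# One security type per directory tree. The Unix uid and mode bits are
# identical for both trees; only the label differs.
type web_user1_t, file_type;
type web_user2_t, file_type;

# Both trees can be traversed and read.
allow webuser_t { web_user1_t web_user2_t }:dir  { getattr search open read };
allow webuser_t { web_user1_t web_user2_t }:file { getattr open read };

# Only files labelled web_user1_t may be executed. execute_no_trans lets
# the program run in the caller's domain without a domain transition;
# map is needed on kernels that check mmap of the executable.
allow webuser_t web_user1_t:file { map execute execute_no_trans };

# Log every granted exec on user1 files. Denied execs on web_user2_t
# files are logged as AVC denials by default, so both outcomes are audited.
auditallow webuser_t web_user1_t:file execute;

# ---- webdirs.fc (file contexts, a separate file) ----
/home/users/web/user1(/.*)?    system_u:object_r:web_user1_t:s0
/home/users/web/user2(/.*)?    system_u:object_r:web_user2_t:s0
```

After the module is loaded, the two trees have to be relabelled (for example with restorecon -R) before the new types take effect on existing files.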