Hi!
> Subject: [PATCH 0/4] MultiAdmin LSM
> (was: Re: Time to remove LSM
> (was: Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks))
>
>
> 0. Preface
> ==========
> Thanks to Greg who, requiring me to post more-split patches, made me
> reconsider the code. I did nothing less than to simplified the whole patch
> cruft (shrunk by factor 10) and removed what seemed unreasonable. This
> thread posts MultiAdmin *1.0.5*.
>
>
>
> 1. Super-short description
> ==========================
> Three user classes exist (determined by user-defined UID ranges),
> - superadmin, the usual "root"
> - subadmin
> - normal users
>
> A usual (non-multiadm,non-selinux) system has only one superadmin (UID 0)
> and a number of normal users, and the superadmin can operate on
> everything.
>
> The "subadmin" can read in some superadmin-only places, and is allowed to
> fully operate on processes/files/ipc/etc. of normal users. The full list
> (possibly incomplete) of permissions is available in the README.txt
> (includes short description) in the out-of-tree tarball.
> [http://freshmeat.net/p/multiadm/]
I guess you should really split CAP_SYS_ADMIN into some subsets that
make sense... along with explanation why subsets are 'right'.
Pavel
--
Thanks, Sharp!
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]