Hi!
I'm experimenting with roles, trying to create a restrictive environment for a regular user:
Here's the ACL i'm using for the moment:
role myuser u
role_transitions admin
subject / {
/
/dev
/dev/tty rw
/dev/pts rw
/dev/null rw
/dev/grsec h
/dev/mem h
/dev/kmem h
/dev/port h
/proc rwx
/proc/kcore h
/proc/sys r
/var/run/utmp rw
/etc r
/etc/profile.d rx
/etc/grsec h
/home
/home/myuser rwx
/bin rx
/lib rx
/lib/modules h
/tmp rw
/usr
/usr/bin rx
/usr/include r
/usr/lib rx
/usr/libexec rx
/usr/man r
/usr/share r
/sbin/consoletype x
/var/spool/mail/myuser rw
/home/* h
/usr/* h
/* h
-CAP_ALL
}
This works fine in general, except in /
$ ls
bin boot dev etc home lib proc tmp usr var
$ ls -l
ls: boot: No such file or directory
ls: var: No such file or directory
[...]
I use the same logic with / that i used in /home, so that the user can only list his homedir, but i don't get this kind of errors there.
What might i be missing?
Thanks in advance.