Feature: global ACLs

Discuss and suggest new grsecurity features

Feature: global ACLs

Postby salam » Tue Dec 28, 2010 5:36 pm

I was thinking about possibility of specifying something like 'global ACL'.
Lets say, we have a configuration file 'globals' or whatever, which will contain ACL for an object.....say /proc/modules h
Then it would be valid for any role and any subject across whole ACL structure, unless the subject explicitly specifies other access to this object(so /proc r in the example would still hide modules, /proc/modules r directly would override global flag and allow reading for given object).

Good idea, or not?
salam
 
Posts: 27
Joined: Wed Jul 19, 2006 7:22 am

Return to grsecurity development