As far as the variables found in the /etc/grsec/policy file, what do they represent:
r - read (?)
w - write (?)
c- ?
d - delete (?)
m - ?
l - ?
x - execute (?)
i - ?
If my above guesses are correct, then in order to have permission to delete files or folder in my user home directory, I would need to change the following from this:
# Role: username
subject /usr/bin/kdeinit4 o {
/home/username rw
to this:
# Role: username
subject /usr/bin/kdeinit4 o {
/home/username rwd
Is that correct? I'm totally dumb with this and the documentation is a bit over my head, although the policy file seems to have enough information to decipher how best to tweak the policies.
--------------------------------------------------------------------------------------------------------------------
EDIT-NEVERMIND:
--------------------------------------------------------------------------------------------------------------------
# new object modes:
# m -> allow creation of setuid/setgid files/directories
# and modification of files/directories to be setuid/setgid
# M -> audit the setuid/setgid creation/modification
# c -> allow creation of the file/directory
# C -> audit the creation
# d -> allow deletion of the file/directory
# D -> audit the deletion
# p -> reject all ptraces to this object
# l -> allow a hardlink at this path
# (hardlinking requires at a minimum c and l modes, and the target
# link cannot have any greater permission than the source file)
# L -> audit link creation
# new subject modes:
# O -> disable "writable library" restrictions for this task
# t -> allow this process to ptrace any process (use with caution)
# r -> relax ptrace restrictions (allows process to ptrace processes
# other than its own descendants)
# i -> enable inheritance-based learning for this subject, causing
# all accesses of this subject and anything it executes to be placed
# in this subject, and inheritance flags added to executable objects
# in this subject
# a -> allow this process to talk to the /dev/grsec device
What do 'rwcdmlxi' variables represent?
3 posts
• Page 1 of 1
What do 'rwcdmlxi' variables represent?
by mprotect » Wed Sep 05, 2012 3:12 pm
- mprotect
- Posts: 4
- Joined: Mon Sep 19, 2011 11:54 pm
Re: What do 'rwcdmlxi' variables represent?
by spender » Thu Sep 06, 2012 7:42 am
https://secure.wikimedia.org/wikibooks/ ... ject_Modes
If you want to read, write, and delete files in that directory (but not create any) then yes "rwd" is what you want.
-Brad
If you want to read, write, and delete files in that directory (but not create any) then yes "rwd" is what you want.
-Brad
- spender
- Posts: 2185
- Joined: Wed Feb 20, 2002 8:00 pm
Re: What do 'rwcdmlxi' variables represent?
by mprotect » Thu Sep 13, 2012 10:41 am
I've only got five things to say:
1. Absolutely brilliant
2. Extremely easy to understand
3. (Somewhat) easy to administer (I am still learning)
4. Should be the default on all distros.
5. Love, love, love how root is so totally neutered.
1. Absolutely brilliant
2. Extremely easy to understand
3. (Somewhat) easy to administer (I am still learning)
4. Should be the default on all distros.
5. Love, love, love how root is so totally neutered.
- mprotect
- Posts: 4
- Joined: Mon Sep 19, 2011 11:54 pm
3 posts
• Page 1 of 1