couple of questions regarding Grsec ACL
Posted: Tue Mar 01, 2005 2:20 am
Hi,
I am building some ACLs for grsecurity and had two questions:
1). What does an object with no mode after it have as an ACL? So for instance (taken from the default 'policy' supplied with gradm):
subject /
/ r
/dev
/dev/grsec h
.
.
.
etc...
What would be the ACL for /dev?
(From my tests, it appears to be non-executable, can't be written to, can't be read, but is not hidden...)
2) Is there any way to read what the ACL for a subject is using e.g., gradm (the documentation mentions a 'T' flag, but this appears to have been discontinued, possibly for security reasons...)
Thanks for any help!
Best regards.
C.