search for: rsbac

Hi, I'm running Samba as a PDC for 1 year it works great. I have one question. In this time we need for some applications Extended Attributes (EA), users can read, write, but not delete files. These applications are written in Pascal (DOS mode) :o((. Can anyone tell me, if RSBAC or LSM or any other similar project can help ne with this problem? Can Samba work with these EA? Thanks, David.

>> Hi, >> sorry I forget to specify OS. >> I'm using: >> RH 7.2 kernel 2.4.9 >> FS - XFS 1.0.2=20 >> Samba 2.2.3a >> I'm using XFS ACL, but I need set EA(ACL) to Change (read - yes, write - >> yes, delete - no, execute - no). >> I don't know how to set this with standard UNIX permissions (rwx).=20 >>

Amon Ott has released another version of RSBAC, for 2.1.115 now. http://agn-www.informatik.uni-hamburg.de/people/1ott/rsbac/eng.htm You get the following security modules: MAC Bell-LaPadula Mandatory Access Control (no compartements yet) CWI Clark-Wilson-Integrity (only basics implemented) FC Functional Control. A simple role based mode...

Hi, I'm trying to compile ocfs2 1.2.6 on a 2.6.21 kernel (with rsbac and pax patches), but I can't get this to work .. In 2.6.20 there was an change in the definition of the INIT_WORK macro (http://lkml.org/lkml/2006/12/5/269) this seems to cause my problems (see below) but even after removing the third parameter of the INIT_WORK calls the compile fails (see sec...

...way to close the POP3/IMAP firewall ports to these IPs to avoid dovecot seeing the connection at all. A kind of blacklist status file on disk would be enough, from which some cron job could fill a firewall chain. If necessary, I would try to add this functionality myself. Amon. -- http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

...ystem type... Linux checking for make utility... ok (make) checking for C compiler... ok (cc) kernel source in /lib/modules/2.6.18-92.1.13.el5xen/source... yes kernel build source in /lib/modules/2.6.18-92.1.13.el5xen/build... yes acquiring Linux kernel code configuration... ok checking if Linux is RSBAC patched... no checking if devfs is enabled... no discovered host system... Linux (2.6.18) checking if security module support is enabled... yes verifying capabilities are not built-in... built-in :( error: capabilities are built-in to the kernel: you will need to recompile a kernel with capa...

...formance bottleneck detection and removal - Hendrik Scholz o Spamikaze - a distributed anti-spam technology - Rik van Riel o System Admin Training in the Virtual Unix Lab - Hubert Feyrer Security: o GBDE -- Spook strength disk encryption - Poul-Henning Kamp o Rule Set Based Access Control (RSBAC) - Securing Linux from the inside - Amon Ott Multimedia: o All About MPLayer - Alex Beregszaszi o Multimedia On Unix: Past, Present, and Future - Mike Melanson o Multimedia Trash And The Evolution of Full Motion Video - Mike Melanson Training Programme ~~~~~~~~~~~~~~~~~~~~~~~...

Hi, I'm running dovecot (1.1.7) deliver and sieve (1.1.5) on a Fedora 9 platform, using selinux targetet mode. Most of the mail deliveries goes well, but once deliver tried to copy the mail to the /tmp directory, which it seems it not allowed by selinux. I guess that deliver wants to sanitize the mail or something and therefore copies it to /tmp. Before I ask for selinux to allow this, I

...6-r1, ssp-3.4.5-1.0, pie-8.7.9) I started off with 3.4.5 and similar or identical parameters for ssp and pie. The results in that case were the same so I''ve tried two different gcc versions (though both are hardened with pie/ssp) to no avail. I''m not using Pax or Grsecurity or RSBAC and like I said, SELinux is running in permissive mode right now. In the old thread, Keir Fraser wrote: "I''ve checked in a patch to the unstable tree that will allow to build with PIE/SSP-enabled GCC." So my hope is to be able to get xen running with these hardened flags, but...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 first of all, thank you for a great project i really enjoy! ok, now here comes the bug report... i''m trying to test xen migration capabilities, with xen-3.1, hand compilled, fetched from mercurial repository. my setup looks like this - x86_64 dom0, x86_32p dom0, x86_32p domU. when trying to migrate from 64 to 32 bit dom0 i''m