| 1 |
Hi all, |
| 2 |
|
| 3 |
Can someone tell me what the noatsecure process permission enables? It |
| 4 |
appears to concern the inheritance of a sanitized environment, but I can't |
| 5 |
make out the details. More generally, is there a document that describes |
| 6 |
the various access vector components? Most components are based on system |
| 7 |
calls and are easily understood. But, a few are more or less mysterious to |
| 8 |
me, including: |
| 9 |
|
| 10 |
setexec: unknown |
| 11 |
setfscreate: permission to create filesystem? |
| 12 |
noatsecure: unknown |
| 13 |
siginh: inheritance of signal handler? |
| 14 |
rlimitinh: inheritance of resource limit? |
| 15 |
|
| 16 |
I find a few programs that seem to need the noatsecure permission. Because |
| 17 |
the sample policy includes several dontaudits related to this permission, |
| 18 |
I'm having some small difficulties developing appropriate policies for such |
| 19 |
programs. |
| 20 |
|
| 21 |
Thanks! |
| 22 |
|
| 23 |
--------------------------------------------------- |
| 24 |
Bill McCarty |
| 25 |
|
| 26 |
-- |
| 27 |
gentoo-hardened@g.o mailing list |
Archives