1 |
Hi all, |
2 |
|
3 |
Can someone tell me what the noatsecure process permission enables? It |
4 |
appears to concern the inheritance of a sanitized environment, but I can't |
5 |
make out the details. More generally, is there a document that describes |
6 |
the various access vector components? Most components are based on system |
7 |
calls and are easily understood. But, a few are more or less mysterious to |
8 |
me, including: |
9 |
|
10 |
setexec: unknown |
11 |
setfscreate: permission to create filesystem? |
12 |
noatsecure: unknown |
13 |
siginh: inheritance of signal handler? |
14 |
rlimitinh: inheritance of resource limit? |
15 |
|
16 |
I find a few programs that seem to need the noatsecure permission. Because |
17 |
the sample policy includes several dontaudits related to this permission, |
18 |
I'm having some small difficulties developing appropriate policies for such |
19 |
programs. |
20 |
|
21 |
Thanks! |
22 |
|
23 |
--------------------------------------------------- |
24 |
Bill McCarty |
25 |
|
26 |
-- |
27 |
gentoo-hardened@g.o mailing list |