-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME
86 lines (55 loc) · 2.14 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
Welcome to the TBAC packages directory
--------------------------------------
TBAC is a RSBAC REG policy about timed based access control.
This project is in developpement.
Currently available:
* REG module active for one device
* Tkinter administration interface
Installation
------------
Compilation require rsbac kernel header, so rsbac-admin tools must
have been installed.
$ make
$ make build
$ sudo make install
Make sure environment contain:
* */usr/local/lib* is in LD_LIBRARY_PATH or in /etc/ld.so.conf / ldconfig
* */usr/local/lib/python2.6/site-packages* in PYTHONPATH
Usage
-----
Right now, tbac only support file's attributes on a single device,
and you must set this parameter during module loading.
You need minor and major number of selected device. [1]
You should read the SPECS file to understand how it works.
First load the tbac module:
$ sudo modprobe tbac tbac_root_device_major=X tbac_root_device_minor=Y
Then You can check everything goes right by looking at
/proc/rsbac-info/tbac
The best way to play with it is to use the rsbac_tbac_menu.py.
However commandline tools are also provided:
tbac_[gs]et_conf to set working hours // a oneshot holiday
tbac_[gs]et_attr_fd to set fd's attributes
Known CAVEATS
-------------
TBAC being a REG module, it does not benefits from common RSBAC attributes
workflow, meaning:
* no transactions
* no attributes inheritance (every files must be tagged)
Supporting every mounted devices could be done without much that work.
Directores layouts
------------------
This package contains:
main:
|->/src: the reg module sources
|->/headers: the tbac include files
|->/libs: userland library and its python binding
\->/tools: administration commands and a fancy Tk menu in python
[1] To get filesystem under device minor/major you can use 'stat':
$ stat --printf="%D\n" /home
805
/home device's major is 08, minor ir 05
[1] or you can look at the mounted devices in dev with 'ls':
$ ls -l /dev/sda8
brw-rw---- 1 root disk 8, 5 2009-10-15 18:35 /dev/sda5
^ ^
\---\--- those number are major and minor