Converting DAC or policy Rules into Capsicum capabilities
pavan teja
bharghav2947 at gmail.com
Thu Mar 10 08:50:36 UTC 2016
Hello everyone,
I'm right now working on Implementing KDBus project into
FreeBSD project .In the KDBus we have a set of policy rules by which we can
control the bus connectivity by other processes . If viewing from the other
side policy rules appeared to me similar to DAC the security mechanism used
in Linux . Can anyone suggest me a good way to convert these DAC rules into
capabilities .I want to replace these policy rules in KDBus in my design
and replace them with some capabilities . *Example for some policy rules
are:*
KDBUS_ITEM_NAME: str='org.foo.bar'
KDBUS_ITEM_POLICY_ACCESS: type=USER, access=OWN, id=1000
KDBUS_ITEM_POLICY_ACCESS: type=USER, access=TALK, id=1001
KDBUS_ITEM_POLICY_ACCESS: type=WORLD, access=SEE
Please help me out by stating an example as how i can convert policy
rules as these into some form of capabilities given to each process
.This would be very helpful for my design.
More information about the freebsd-hackers
mailing list