OpenSolaris


OpenSolaris Project: Fine Grained Access Policy (FGAP)


Endorsing communities

Security

Introduction

This project will extend the existing Process Rights Management infrastructure in Solaris so that specified objects can be associated with individual privileges. The current Solaris privilege model does not allow one to express policy requirements such as:

  • only allow binding to port 80/tcp
  • only allow read access to file foo
  • only allow write access under $HOME/.mozilla

This project will support additional, otherwise privileged operations, in a restricted manner, according to a configurable policy. It should be compatible with current Solaris policies; applications which assert specific privileges will continue to work.

It should be possible to leverage the resulting policy exception mechanism through the Service Management Facility by specifying the policy in a service's manifest. Additionally, we plan to provide a mechanism to "sandbox" applications running under user accounts, by first removing "basic" privileges and then granting them back on a case-by-case basis. To this end, the set of basic privileges may need to grow to include binding to any network port, modifying any filesystem object, etc.
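The three policy statements in the introduction and the sandbox approach just described share one idea: a privilege is paired with the object it applies to, and a sandboxed process starts with nothing and gets grants added one at a time. The following is an added toy model of that idea written for this page; it is not FGAP's or Solaris's code, and the privilege names ("net_privaddr", "file_read", "file_write"), object spellings ("tcp/80", trailing-slash directory scopes) and the `Policy` class are assumptions made for the illustration. It also shows the two checks a practitioner wants from a directory-scoped grant: paths are normalised before matching so `..` cannot escape the scope, and the match is on a slash-terminated prefix so a sibling directory with a longer name is not accepted.

```python
"""Toy model of object-scoped privileges in the style the FGAP introduction
describes. Constructed illustration only: privilege and object names here are
made up for the example and are not FGAP's or Solaris's actual interfaces."""
import posixpath
from dataclasses import dataclass

ANY = "*"  # a grant on ANY models today's coarse, all-or-nothing privilege


@dataclass(frozen=True)
class Grant:
    priv: str  # hypothetical privilege name, e.g. "net_privaddr"
    obj: str   # object it is scoped to: "tcp/80", "/etc/foo", "/home/u/.mozilla/" or ANY


def object_matches(pattern: str, obj: str) -> bool:
    """Decide whether a requested object falls under a grant's object pattern."""
    if pattern == ANY:
        return True
    if pattern.startswith("/") and pattern.endswith("/"):
        # Directory scope: normalise first so "dir/../elsewhere" cannot slip
        # past a plain prefix test, then require the trailing slash so that
        # "/home/u/.mozillax" does not match a grant on "/home/u/.mozilla/".
        norm = posixpath.normpath(obj)
        return norm == pattern.rstrip("/") or norm.startswith(pattern)
    if pattern.startswith("/"):
        # Single file: exact match after normalisation ("/etc/./foo" == "/etc/foo").
        return posixpath.normpath(obj) == pattern
    # Non-path objects such as "tcp/80": exact match only.
    return pattern == obj


class Policy:
    """A process's effective rights: an immutable set of (privilege, object) grants."""

    def __init__(self, grants=()):
        self.grants = frozenset(grants)

    def grant(self, priv: str, obj: str = ANY) -> "Policy":
        """Return a new policy with one more grant (sandbox: add back case by case)."""
        return Policy(self.grants | {Grant(priv, obj)})

    def allows(self, priv: str, obj: str) -> bool:
        """Allow only if some grant carries this privilege for this object."""
        return any(g.priv == priv and object_matches(g.obj, obj) for g in self.grants)


def sandboxed_browser_policy(home: str) -> Policy:
    """Sandbox as the text describes: start from no rights, then grant exactly
    the three examples from the introduction (constructed rules)."""
    return (Policy()
            .grant("net_privaddr", "tcp/80")                          # bind 80/tcp only
            .grant("file_read", "/etc/foo")                           # read file foo only
            .grant("file_write", posixpath.join(home, ".mozilla") + "/"))  # write under $HOME/.mozilla


def legacy_policy() -> Policy:
    """An application that asserts the whole privilege keeps working: ANY scope."""
    return Policy().grant("net_privaddr")


if __name__ == "__main__":
    p = sandboxed_browser_policy("/home/alice")
    for priv, obj in [("net_privaddr", "tcp/80"), ("net_privaddr", "tcp/443"),
                      ("file_write", "/home/alice/.mozilla/prefs.js"),
                      ("file_write", "/home/alice/.mozilla/../.ssh/authorized_keys"),
                      ("file_write", "/home/alice/.mozillax/prefs.js")]:
        print(f"{priv:13} {obj:50} {'allow' if p.allows(priv, obj) else 'deny'}")
```

Running the block prints one decision per request; the two traversal and sibling-directory requests are denied while the in-scope write and the port-80 bind are allowed, and `legacy_policy()` shows that an unscoped grant still behaves like today's whole-privilege model.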

As part of this project, we will also take a closer look at the implementation of profile shells in order to address some of their deficiencies:

  • the requirement to add profile shell support code to every shell
  • the inability to run internal commands as profiled commands or to add additional privileges to file redirects in profile shells

The intent is to be able to express, via a process attribute, that execution of child processes is subject to applicable rights profiles, rather than relying on modified shells.

Announcements

06 Mar 2008 First FGAP putback
08 Jan 2008 FGAP gate created