|
|
AnnouncementsThe Fine-grained Access Policy project has been started on OpenSolaris. We welcome your feedback! First FGAP putback | 03/06/2008A first putback was done to the ON gate; the fgap gate has been merged and you should be able to pull the latest version. The Demo files have been updated to match the changes in the gate. (Note that for the initial "pull" you will need to use "hg clone") FGAP gate created | 01/08/2008I've created a gate with an FGAP prototype and attached a FGAP sample program in the file section. The FGAP gate can be pulled using Mercurial: hg pull ssh://anon at hg dot opensolaris dot org/hg/fgap/gate and should be buildable by following the ON build instructions. Once you've bfu'ed, you can run the sample program. OnAnother feature of this build is an in-kernel implementation of "pfexec" and the inclusion of "pfzsh", "pfksh93", etc. All are now links to "pfexec". Set-uid applications with associated privileges now behave like they truly use forced privileges; i.e., they no longer run with an effective uid of 0 at the sstart. This is currently hacked through a special profattr/execattr profiles & attribute combo. It is all supported using a new pfexecd daemon. Make sure you do resolve conflicts after building an ddoing a bfu, |
