Re: Capabilities

From: Linda Walsh (law@sgi.com)
Date: Wed Feb 23 2000 - 11:49:40 EST


Andreas Gruenbacher wrote:
>
> Linda Walsh wrote:
> >
> > Paul Jakma wrote:
> > >
> > > On Tue, 22 Feb 2000, Linda Walsh wrote:
> > >
> > > > Just a data point, but when I have trusted IRIX installed,
> > > > there is no booting up in non-trusted mode. Capabilities are in
> > > > effect even in single-user.
>
> Strange...
>
> I found this in the Irix B1 sources at <http://oss.sgi.com/projects/ob1>.
> The cap_enabled global variable has one of the values CAP_SYS_SUPERUSER,
> CAP_SYS_NO_SUPERUSER, CAP_SYS_DISABLED.
>

---
	Oh yeah, forgot to mention -- the code snippet you mention is
executed during bootup by the kernel before the filesystems are even
mounted -- so the kernel flips into one of the protection modes before
anything else happens.

As you mention, SGI has worked to open source even more of their code -- in the above case, a "reference" implementation of a B1 system. Our eventual hope is to have Linux security upgraded to meet the needs of our C2 and B1 customers. Currently, Irix is being officially evaluated for B1 compliance. Our Open Source System (oss) contains about everything we could release that wasn't encumbered by license or copyright restrictions that we couldn't waive.

-linda


--
Linda Walsh @ SGI                   | Core Linux - Trust Technology
1200 Crittenden Lane MS:30-3-802    | Voice: (650) 933-5338
Mountain View, CA 94043             | Email: law@sgi.com

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Wed Feb 23 2000 - 21:00:33 EST