I do have a pseudo LSM called "multiadm" at
http://freshmeat.net/p/multiadm/ , quoting:
The MultiAdmin security framework kernel module provides a means
to have multiple "root" users with unique UIDs. This bypasses
collation order problems with NSCD, allows you to have files
with unique owners, and allows you to track the quota usage for
every "real" user. It also implements a "sub-admin", a partially
restricted root user who has full read-only access to most
subsystems, but write rights only to a limited subset, for
example writing to files or killing processes only of certain
users.
The use case is so that profs (taking the role of sub-admins), can
operate on student's data/processes/etc. (quite often needed), but
without having the full root privileges.
Policy is dead simple since it is based on UIDs. The UID ranges can be
set on module load time or during runtime (sysfs params). This LSM is
basically grants extra rights unlike most other LSMs[1], which is why
modprobe makes much more sense here. (It also does not have to do any
security labelling that would require it to be loaded at boot time
already.)
Does that sound productive?
[1] SELinux: What I remember from coker.com.au's selinux test machine,
everyone had UID 0 and instead had powers revoked.
-
