Rbac class create_object policy

Creates a new object.

Type: rule policy.

Syntax

create_object: {source: SourceSid, target: TargetSid, container: ContainerType, type: Type}

In this case:

• SourceSid – handle of the initiating subject.

  This can be blank. In this case, source_type: @any and source_role: @any must be indicated in the corresponding configuration rule.

• TargetSid – handle of the object being created.
• ContainerType – type of container object in which the new object is being created.

  This can be blank. In this case, container_type: @any must be indicated in the corresponding configuration rule.

• Type – desired type of object being created.

  This can be blank. In this case, the parameters for automatic type assignment must be indicated in the corresponding configuration rule.

Returned value

KSS_GRANT if the object was created.

KSS_DENY if the object was not created.

Example

execute dst=SimpleServer {

rbac0.create_object

{ source: src_sid

, target: dst_sid

, container: ()

, type: "userland"

}

}

Page top