With the well-documented manuals, I'm successfully testing several access control policies. (Thanks to all contributors :) )

I've been testing the role dominance relation, especially the transitivity of the role dominance relation.
prof_r > (osg_r, dbg_r) > stud_r
as:
dominance { role prof_r { role osg_r; role dbg_r; } }
dominance { role osg_r { role stud_r; } }
dominance { role dbg_r { role stud_r; } }
# disabled direct relation
#dominance { role prof_r { role stud_r; } }
In the above relation, I guessed that the prof_r role can not inherit the types of stud_r, as seen below:
login: dilee_u
Password:
Your default context is dilee_u:osg_r:osg_t.
Do you want to choose a different one? [n]y
[1] dilee_u:osg_r:osg_t
[2] dilee_u:dbg_r:dbg_t
[3] dilee_u:prof_r:prof_t
Enter number of choice:
And I also could not get the context of stud_r using the newrole command after getting the context of osg_r or dbg_r.
Any comments on this problem???
Have a nice day.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Hyung Chan Kim
Security Group, Concurrent System Research Laboratory
Dept. of Information and Communications
Kwangju Institute of Science and Technology (K-JIST)
1 Oryong-dong Buk-ku Gwangju 500-712, Rep. of Korea
Lab. : +82-62-970-2266
Fax : +82-62-970-2204
Mobile : +82-11-9660-4900
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-