Re: Multiple contexts

[Luke Kenneth Casson Leighton <lkcl@lkcl.net>]

On Wed, Jan 12, 2005 at 04:27:16PM -0500, Stephen Smalley wrote:
> On Wed, 2005-01-12 at 13:29, Luke Kenneth Casson Leighton wrote:
> >  i don't believe it does - or i am misunderstanding.
> > 
> >  having two policy files apache.fc and mymodifiedthing.fc which _both_
> >  have a file context for the same file / directory, such that the
> >  data that ends up in the security.selinux xattr is "apache_filetype_t,
> >  "mymodifiedthing_filetype_t" doesn't mean, in my book "policy is in
> >  filesystem state".
> > 
> >  ... does it?
> > 
> >  *lost*.
> 
> The file_contexts configuration is not part of the kernel policy.  It is
> only used by userspace to set the contexts for files upon installation,
> to recheck the state of the filesystem against the initial labeling
> state, or to restore portions of the filesystem to the initial labeling
> state.
> 
> If you change the SELinux module to support a list of file contexts
> within the security.selinux attribute, and change its policy engine to
> allow access if any access is allowed to any one of those contexts, then
> the only way to truly identify what information flow is possible in the
> system is by checking the current security.selinux attributes of all
> files in the system for such combinations and collapsing them to a
> single security equivalence class for analysis purposes.  

 ah, yuk.

 ... so, ultimately, it would be better to have some m4-macro-based
 tools that do that, munging to an intermediate step (which is same
 as what we have now) and then munging _that_ to a binary policy
 file (exactly as is now).

 l.
 


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.