From: Luke Kenneth Casson Leighton <lkcl@lkcl.net>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Park Lee <parklee_sel@yahoo.com>,
	Casey Schaufler <casey@schaufler-ca.com>,
	Valdis.Kletnieks@vt.edu, SELinux <SELinux@tycho.nsa.gov>
Subject: Re: Question about integration of IPsec with SELinux?
Date: Mon, 13 Jun 2005 22:19:51 +0100
Message-ID: <20050613211951.GD17412@lkcl.net>
In-Reply-To: <1118666230.24565.1.camel@moss-spartans.epoch.ncsc.mil>

On Mon, Jun 13, 2005 at 08:37:10AM -0400, Stephen Smalley wrote:
> On Sun, 2005-06-12 at 12:44 +0100, Luke Kenneth Casson Leighton wrote:
> >  btw i should also raise - again - the wisdom of only utilising
> >  a 32-bit security descriptor in a networked environment.
> > 
> >  only 32-bit means that if you want to merge or join two secure
> >  environments together, well.... you basically can't: you have a clash
> >  of 32-bit SIDs.
> > 
> >  with NT / VAX-VMS style security descriptors (comprising 4 of 32-bit
> >  "SIDs" for a domain and a 32-bit "RID" - relative ID) you can at least
> >  start creating inter-domain trust relationships.
> 
> As is clearly noted in all SELinux documentation, SIDs are purely non-
> global (node-local) and non-persistent handles to security contexts.
> And as of Linux 2.6, they are furthermore kernel-private (or in the case
> of the userspace AVC, application-private).

 so the security "context" label string is equivalent to an NT "RID".

 and - just to clarify: the DOI - domain of interpretation -
 is equivalent to the NT domain "prefix"?

 cheers,

 l.

