From: sven.vermeulen@siphos.be (Sven Vermeulen)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] What is security_file_type and auth_file_type?
Date: Sun, 21 Dec 2014 11:11:28 +0100
Message-ID: <20141221101128.GA2409@siphos.be>

Hi all

Originally, the use of the security_file_type attribute was to reduce the
size of the policy, and its purpose was mainly to differentiate between
files that could be dontaudited and those that couldn't (we want to see when
user domains access security_file_type types that they do not have access
to).

However, I could not find what the scope should be for a security_file_type
(and auth_file_type). When should a type be assigned to be a
security_file_type? "security" is a broad term...

Is it types that could jeopardize the security (confidentiality? integrity?
availability?) of the system when the resources of that type are /read/ by
unauthorized domains? Or is it when the resources are written to? The latter
(writes) is of course much broader (writing to /etc/pam.d or to the libraries
on the system for instance).

Wkr,
	Sven Vermeulen
