* determining security level domination
@ 2006-06-16 0:31 Matt Anderson
2006-06-16 12:12 ` Stephen Smalley
0 siblings, 1 reply; 2+ messages in thread
From: Matt Anderson @ 2006-06-16 0:31 UTC (permalink / raw)
To: selinux
I'm working on lpq and I need to determine if a user can see a job in
the queue. By this time the user's context is known, and all the jobs
in the queue have a context associated with them.
It seems like avc_has_perm_noaudit() is close to what I need, but I'm
not sure. The main problem I see with that is avc_has_perm may fail
based on user, role, or type, which I don't think I'm concerned with.
Conceivably I could get around this by mangling one of the contexts so
that I was only comparing levels and categories, but that doesn't sound
like a good idea at all.
Is there some function I've missed that does something like this?
thanks
-matt
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: determining security level domination
2006-06-16 0:31 determining security level domination Matt Anderson
@ 2006-06-16 12:12 ` Stephen Smalley
0 siblings, 0 replies; 2+ messages in thread
From: Stephen Smalley @ 2006-06-16 12:12 UTC (permalink / raw)
To: Matt Anderson; +Cc: selinux
On Thu, 2006-06-15 at 20:31 -0400, Matt Anderson wrote:
> I'm working on lpq and I need to determine if a user can see a job in
> the queue. By this time the user's context is known, and all the jobs
> in the queue have a context associated with them.
>
> It seems like avc_has_perm_noaudit() is close to what I need, but I'm
> not sure. The main problem I see with that is avc_has_perm may fail
> based on user, role, or type, which I don't think I'm concerned with.
> Conceivably I could get around this by mangling one of the contexts so
> that I was only comparing levels and categories, but that doesn't sound
> like a good idea at all.
>
> Is there some function I've missed that does something like this?
The goal in SELinux is to abstract away the specific security model
behind general interfaces so that the model can change without needing
to modify all of the enforcement code and so that we can support
composite models like TE+MLS. Hence, we'd prefer to abstract away a
traditional dominance check to instead be a SELinux permission check on
the context pair. Then we can also apply TE controls as desired, as we
might actually want to prevent a user in one domain from seeing jobs in
another domain.
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2006-06-16 12:12 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-06-16 0:31 determining security level domination Matt Anderson
2006-06-16 12:12 ` Stephen Smalley
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.