[RFC PATCH 0/3] access checks for translating contexts

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Darrel Goeddel <dgoeddel@TrustedCS.com>
To: SELinux List <selinux@tycho.nsa.gov>
Cc: Daniel Walsh <dwalsh@redhat.com>,
	Stephen Smalley <sds@tycho.nsa.gov>,
	Joshua Brindle <jbrindle@tresys.com>,
	Karl MacMillan <kmacmillan@mentalrootkit.com>,
	Linda Knippers <linda.knippers@hp.com>,
	Christopher PeBenito <cpebenito@tresys.com>
Subject: [RFC PATCH 0/3] access checks for translating contexts
Date: Thu, 05 Oct 2006 13:05:00 -0500	[thread overview]
Message-ID: <4525494C.6080901@trustedcs.com> (raw)

The following is an attempt to perform access checks for context translations.
The idea being that a process should not know about labels that are outside
of it's clearance.  Since there are now standalone MLS checks available, I have
added a new security class "context" with permission "translate".  The
mlsconstraint on that permission handles the MLS clearance portion.  TE access
must also be granted for the context to be translated - I see this a drawback
of the implementation because now we need a way to give TE access to all types
if we want a process to do translations limited purely by MLS.

Now... The daemon running at the lowest MLS level and the file describing
translations is at the lowest MLS level.  This throws the whole idea of
protecting the labels (the reason for the daemon in the first place) themselves
out the door since everyone can just read the file.  That daemon needs to run
at the highest MLS level and the file needs to be at the highest MLS level.
We (TCS) had things set up that way when we did some of the initial work on
the daemon.  Has anyone looked into actually fixing this issue (or at least
have an idea on what caused the breakage)?  If not, this whole patchset is
really not necessary.  I guess I could look into that as well...

-- 

Darrel

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

                 reply	other threads:[~2006-10-05 18:05 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4525494C.6080901@trustedcs.com \
    --to=dgoeddel@trustedcs.com \
    --cc=cpebenito@tresys.com \
    --cc=dwalsh@redhat.com \
    --cc=jbrindle@tresys.com \
    --cc=kmacmillan@mentalrootkit.com \
    --cc=linda.knippers@hp.com \
    --cc=sds@tycho.nsa.gov \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.