From: Eamon Walsh <ewalsh@tycho.nsa.gov>
To: Glenn Faden <Glenn.Faden@sun.com>
Cc: Xavier Toth <txtoth@gmail.com>,
SELinux List <selinux@tycho.nsa.gov>,
Stephen Smalley <sds@tycho.nsa.gov>
Subject: Re: [PATCH] libselinux: add "poly_property" type to X contexts backend
Date: Wed, 06 Feb 2008 14:27:40 -0500 [thread overview]
Message-ID: <47AA0A2C.6090009@tycho.nsa.gov> (raw)
In-Reply-To: <47A9DA5D.2030109@sun.com>
Glenn Faden wrote:
> Eamon Walsh wrote:
>
>> Xavier Toth wrote:
>>
>>> I'm curious as to why you chose the route of specifying which
>>> properties are polyinstantiated instead of which are not bearing in
>>> mind what Glenn said in a previous post?
>>>
>>>
>> The server will check the "property" lines first and if it doesn't
>> find a match it will check the "poly_property" lines. So, as long as
>> the wildcard entry in the x_contexts file is changed from property to
>> poly_property, the default will be to polyinstantiate.
>>
>> However I wasn't planning on treating the root window any differently
>> from other windows, so this behavior would apply to all windows.
>>
> I've never seen a requirement for polyinstantiation of properties on
> per-client windows. I've seen requirements for relabeling properties,
> however. For example, the trusted selection manager needs to create
> properties that are readable by the client who requests a
> ConvertSelection. We do this by calling a new X protocol extension.
SELinux protocol extension allows clients to create windows and
properties with different security contexts.
> How
> do you plan to have trusted clients act on behalf of other clients with
> different security contexts?
I haven't done the polyinstantiation for selections yet, but my current
plan is to implement a trusted clipboard manager that will display the
various clipboard contents and allow users to upgrade or downgrade,
which means that the clipboard manager will take ownership of the
selection at the target level and just pipe the data through. This
scheme shouldn't require tweaking properties on the fly. However this
would not be point-to-point but would make the selection available to
all applications at the target level.
> Similarly, how can a trusted client
> read/write a polyinstantiated property with a different security context?
>
By launching a helper process at the appropriate level.
--
Eamon Walsh <ewalsh@tycho.nsa.gov>
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2008-02-06 19:27 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-02-05 21:30 [PATCH] libselinux: add "poly_property" type to X contexts backend Eamon Walsh
2008-02-05 22:12 ` Xavier Toth
2008-02-06 0:51 ` Eamon Walsh
2008-02-06 3:04 ` Eamon Walsh
2008-02-06 16:03 ` Glenn Faden
2008-02-06 19:27 ` Eamon Walsh [this message]
2008-02-09 0:39 ` Ted X Toth
2008-02-13 20:06 ` Eamon Walsh
2008-02-12 17:53 ` Xavier Toth
2008-02-07 16:13 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47AA0A2C.6090009@tycho.nsa.gov \
--to=ewalsh@tycho.nsa.gov \
--cc=Glenn.Faden@sun.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
--cc=txtoth@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.