From: Andy Warner
To: SELinux List
Subject: Significance of the level on a port configuration
Date: Wed, 11 Mar 2009 18:44:51 +0100
Message-ID: <49B7F893.9040706@rubix.com>

Can someone give me a quick overview of the significance (i.e., the MLS
behavior) of the port level for SELinux.

I am attempting to have two connections from untrusted hosts that are
statically labeled (with netlabelctl), one at high (s0) and one at low (s1).
Both connections will be made over the same port number. The service
accepting the connections runs at SystemHigh on Fedora 9 with MLS policy.
What difference does the level of the port make? Assume all TE rules are
satisfied for the context of my question.

Thanks,

Andy

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.


Subject: Re: Significance of the level on a port configuration
From: Stephen Smalley
To: Andy Warner
Cc: SELinux List
Date: Wed, 11 Mar 2009 13:47:19 -0400
Message-Id: <1236793639.14649.67.camel@localhost.localdomain>
In-Reply-To: <49B7F893.9040706@rubix.com>

On Wed, 2009-03-11 at 18:44 +0100, Andy Warner wrote:
> Can someone give me a quick overview of the significance (i.e., the
> MLS behavior) of the port level for SELinux.
>
> I am attempting to have two connections from untrusted hosts that are
> statically labeled (with netlabelctl), one at high (s0) and one at low
> (s1). Both connections will be made over the same port number. The
> service accepting the connections runs at SystemHigh on Fedora 9 with
> MLS policy. What difference does the level of the port make? Assume
> all TE rules are satisfied for the context of my question.

I don't think the port level should make any difference. Are there any
MLS constraints defined on any of the permission checks that are based
on port contexts?

--
Stephen Smalley
National Security Agency
From: Paul Moore
To: Andy Warner
Cc: Stephen Smalley, SELinux List
Subject: Re: Significance of the level on a port configuration
Date: Thu, 12 Mar 2009 11:07:27 -0400
Message-Id: <200903121107.27468.paul.moore@hp.com>
In-Reply-To: <1236793639.14649.67.camel@localhost.localdomain>

On Wednesday 11 March 2009 01:47:19 pm Stephen Smalley wrote:
> On Wed, 2009-03-11 at 18:44 +0100, Andy Warner wrote:
> > Can someone give me a quick overview of the significance (i.e., the
> > MLS behavior) of the port level for SELinux.
> >
> > I am attempting to have two connections from untrusted hosts that are
> > statically labeled (with netlabelctl), one at high (s0) and one at low
> > (s1). Both connections will be made over the same port number. The
> > service accepting the connections runs at SystemHigh on Fedora 9 with
> > MLS policy. What difference does the level of the port make? Assume
> > all TE rules are satisfied for the context of my question.
>
> I don't think the port level should make any difference. Are there any
> MLS constraints defined on any of the permission checks that are based
> on port contexts?

Using the new network access controls there is no specific check against the
port label, only the network interface and node (both of which just recently
had the MLS constraints added).

--
paul moore
linux @ hp
Subject: Re: Significance of the level on a port configuration
From: Stephen Smalley
To: Paul Moore
Cc: Andy Warner, SELinux List
Date: Thu, 12 Mar 2009 11:09:26 -0400
Message-Id: <1236870566.22058.117.camel@localhost.localdomain>
In-Reply-To: <200903121107.27468.paul.moore@hp.com>

On Thu, 2009-03-12 at 11:07 -0400, Paul Moore wrote:
> On Wednesday 11 March 2009 01:47:19 pm Stephen Smalley wrote:
> > On Wed, 2009-03-11 at 18:44 +0100, Andy Warner wrote:
> > > Can someone give me a quick overview of the significance (i.e., the
> > > MLS behavior) of the port level for SELinux.
> > >
> > > I am attempting to have two connections from untrusted hosts that are
> > > statically labeled (with netlabelctl), one at high (s0) and one at low
> > > (s1). Both connections will be made over the same port number. The
> > > service accepting the connections runs at SystemHigh on Fedora 9 with
> > > MLS policy. What difference does the level of the port make? Assume
> > > all TE rules are satisfied for the context of my question.
> >
> > I don't think the port level should make any difference. Are there any
> > MLS constraints defined on any of the permission checks that are based
> > on port contexts?
>
> Using the new network access controls there is no specific check against the
> port label, only the network interface and node (both of which just recently
> had the MLS constraints added).

name_bind/name_connect are still port-based, but there are no MLS
constraints on them.

The older per-packet send_msg/recv_msg checks are only applied if
compat_net=1. send_msg has no MLS constraint. recv_msg is included in
the socket "read" ops MLS constraint for reasons unclear to me; that
seems like a mistake.

--
Stephen Smalley
National Security Agency


From: Paul Moore
To: Stephen Smalley
Cc: Andy Warner, SELinux List
Subject: Re: Significance of the level on a port configuration
Date: Thu, 12 Mar 2009 11:24:27 -0400
Message-Id: <200903121124.27596.paul.moore@hp.com>
In-Reply-To: <1236870566.22058.117.camel@localhost.localdomain>

On Thursday 12 March 2009 11:09:26 am Stephen Smalley wrote:
> On Thu, 2009-03-12 at 11:07 -0400, Paul Moore wrote:
> > On Wednesday 11 March 2009 01:47:19 pm Stephen Smalley wrote:
> > > On Wed, 2009-03-11 at 18:44 +0100, Andy Warner wrote:
> > > > Can someone give me a quick overview of the significance (i.e., the
> > > > MLS behavior) of the port level for SELinux.
> > > >
> > > > I am attempting to have two connections from untrusted hosts that are
> > > > statically labeled (with netlabelctl), one at high (s0) and one at low
> > > > (s1). Both connections will be made over the same port number. The
> > > > service accepting the connections runs at SystemHigh on Fedora 9 with
> > > > MLS policy. What difference does the level of the port make? Assume
> > > > all TE rules are satisfied for the context of my question.
> > >
> > > I don't think the port level should make any difference. Are there any
> > > MLS constraints defined on any of the permission checks that are based
> > > on port contexts?
> >
> > Using the new network access controls there is no specific check against
> > the port label, only the network interface and node (both of which just
> > recently had the MLS constraints added).
>
> name_bind/name_connect are still port-based, but there are no MLS
> constraints on them.

I got the impression that Andy was interested in port-based MLS constraints
in the context of per-packet access control.

> The older per-packet send_msg/recv_msg checks are only applied if
> compat_net=1. send_msg has no MLS constraint. recv_msg is included in
> the socket "read" ops MLS constraint for reasons unclear to me; that
> seems like a mistake.

I don't know of the reasoning behind that decision either, but this will be
less of an issue in the future as the compat_net code will be going away soon.

--
paul moore
linux @ hp
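Stephen's question (are any port-based permission checks covered by an MLS constraint?) can be answered mechanically from the policy source. The script below is an added example, not code from the thread or from the SELinux project: it parses mlsconstrain statements from a constructed snippet in refpolicy policy/mls syntax and reports, for the checks the thread names, which ones carry an MLS constraint. The snippet, its constraint bodies and the helper names are assumptions for the demo, chosen to reflect what the thread describes (recv_msg inside the socket "read" constraint, nothing on send_msg, name_bind or name_connect, and constraints on netif and node).

```python
import re
from typing import List, Optional, Tuple

# Constructed snippet in refpolicy policy/mls syntax (not the real Fedora 9 policy).
# It mirrors the thread: recv_msg is inside the socket "read" constraint, while
# send_msg, name_bind and name_connect have none; netif and node are constrained.
SAMPLE_MLS_POLICY = """
mlsconstrain { tcp_socket udp_socket rawip_socket } { read recvfrom recv_msg }
    (( l1 dom l2 ) or
     (( t1 == mlsnetreadtoclr ) and ( h1 dom l2 )) or
     ( t1 == mlsnetread ));

mlsconstrain netif { ingress egress }
    (( l1 dom l2 ) and ( l1 domby h2 ));

mlsconstrain node { recvfrom sendto }
    (( l1 dom l2 ) and ( l1 domby h2 ));
"""

# One mlsconstrain statement: class set, permission set, expression up to ';'.
_STMT = re.compile(r"mlsconstrain\s+(\{[^}]*\}|\S+)\s+(\{[^}]*\}|\S+)\s+(.*?);", re.S)

def _names(token: str) -> List[str]:
    """Expand '{ a b }' or a bare 'a' into a list of names."""
    return token.strip("{} \t\n").split()

def parse_mlsconstrain(policy: str) -> List[Tuple[List[str], List[str], str]]:
    """Return (classes, permissions, whitespace-normalized expression) per statement."""
    return [(_names(c), _names(p), " ".join(e.split()))
            for c, p, e in _STMT.findall(policy)]

def mls_constraint_for(policy: str, cls: str, perm: str) -> Optional[str]:
    """Expression constraining (cls, perm), or None if no MLS constraint applies."""
    for classes, perms, expr in parse_mlsconstrain(policy):
        if cls in classes and perm in perms:
            return expr
    return None

# The checks the thread discusses: port-based name_bind/name_connect, the
# compat_net per-packet send_msg/recv_msg, and the interface/node checks.
THREAD_CHECKS = [("tcp_socket", "name_bind"), ("tcp_socket", "name_connect"),
                 ("tcp_socket", "send_msg"), ("tcp_socket", "recv_msg"),
                 ("netif", "ingress"), ("node", "recvfrom")]

if __name__ == "__main__":
    for cls, perm in THREAD_CHECKS:
        expr = mls_constraint_for(SAMPLE_MLS_POLICY, cls, perm)
        print(f"{cls}:{perm:14} {expr or 'no MLS constraint'}")
```

Pointing the same parser at a real policy/mls file shows directly whether the port level can ever enter an MLS decision; with the snippet above, only recv_msg (under compat_net=1) and the netif/node checks do.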