From: Joshua Brindle <method@manicmethod.com>
To: Andy Warner <warner@rubix.com>
Cc: KaiGai Kohei <kaigai@kaigai.gr.jp>,
KaiGai Kohei <kaigai@ak.jp.nec.com>,
cpebenito@tresys.com, selinux@tycho.nsa.gov,
refpolicy@oss.tresys.com
Subject: Re: [RFC] Security policy reworks for SE-PostgreSQL
Date: Wed, 01 Apr 2009 13:05:03 -0400
Message-ID: <49D39EBF.3050802@manicmethod.com>
In-Reply-To: <49D28656.1090504@rubix.com>
Andy Warner wrote:
>
>
> Joshua Brindle wrote:
>>
>> SELinux doesn't have a built in mechanism,
>
> By built-in mechanism I meant exactly what you describe below. Maybe it
> wasn't the best choice of words. The SELinux policy (the MLS policy)
> provides a mechanism for the policy writer to assign the ability to
> violate B&L information flow. Thus, it would be redundant for the
> db_database object to have permissions for something like "read-up",
> etc. If I were to compare that with the Trusted Solaris type policy
> mechanism, there was no such mechanism. Our DB would have to perform the
> dominance check for an operation, then decide ourselves if the user had
> sufficient authorizations to violate B&L. With the current SELinux MLS
> policy, all of that is done with one access check. The MAC override type
> privilege you would see in TSol 8, etc. would allow a process to perform
> some operation while ignoring the MAC policy. This does not help our DB
> make a policy decision on a subject as they access a DBMS object.
This is absolutely correct: we want to use policy to specify MLS exceptions
rather than having the policy spread through several object managers. This makes
it possible to do an analysis on the policy and actually see the information
flow through all object managers.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
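The mechanism the two messages above are describing, as an added illustration that is not text from the thread or from the refpolicy or SE-PostgreSQL sources: an MLS constraint on the db_database class in which the Bell-LaPadula dominance check and the policy-granted override live in the same expression, so the object manager issues one access check. The attribute names (mlsdbread, mlsdbreadtoclr, mlsdbwrite, mlsdbwritetoclr), the exact permission lists and the domain trusted_dba_t are assumptions for the example.

```selinux
# Illustrative SELinux MLS constraints (kernel policy language). Added
# example, not from the thread; attribute and type names are assumed.

# Read-style operations on a database object: permitted when the subject's
# current level (l1) dominates the object's level (l2), i.e. plain B&L
# "no read up", OR when the subject type carries a read-override
# attribute. Because the override is part of the same constraint, the
# DBMS only asks the AVC "may t1 getattr/access this db_database?" and
# never has to evaluate dominance or privileges in its own code.
mlsconstrain db_database { getattr access }
        (( l1 dom l2 ) or
         (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or   # read up to clearance
         ( t1 == mlsdbread ));                             # unconditional read override

# Write-style operations: "no write down" unless the subject carries a
# write-override attribute. Same shape as the read rule, so one policy
# analysis sees every information-flow exception across object managers.
mlsconstrain db_database { setattr set_param }
        (( l1 eq l2 ) or
         (( t1 == mlsdbwritetoclr ) and ( l2 dom l1 ) and ( h1 dom l2 )) or
         ( t1 == mlsdbwrite ));

# Granting the exception is then purely a policy decision: attach the
# attribute to the domain that is trusted to read up. The DBMS code is
# unchanged, and the exception is visible to anyone auditing the policy.
typeattribute trusted_dba_t mlsdbread;
```

Without the override terms, the same access would have to be resolved the Trusted Solaris way described above: the DBMS compares levels itself and then consults a separate privilege store, and the exception is invisible to policy analysis.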