From: Paul Moore <paul.moore@hp.com>
To: Venkat Yekkirala <vyekkirala@trustedcs.com>
Cc: jmorris@namei.org, netdev@vger.kernel.org, selinux@tycho.nsa.gov,
davem@davemloft.net, sds@tycho.nsa.gov, eparis@redhat.com
Subject: Re: Labeled Networking Requirements and Design (formerly RE: [PATCH 01/06] MLSXFRM: Granular IPSec associations for use in MLS environments)
Date: Mon, 26 Jun 2006 21:53:47 -0400 [thread overview]
Message-ID: <200606262153.48251.paul.moore@hp.com> (raw)
In-Reply-To: <44A0684D.9080904@trustedcs.com>
On Monday 26 June 2006 7:05 pm, Venkat Yekkirala wrote:
> USER REQUIREMENTS:
>
> The broad user requirements for labeled networking would be that of
> information labeling and flow control. Specifically,
>
> 1. Data labeling:
> a. data must be labeled where it originates.
> b. data must retain that label (or its interpretation in a given domain)
> when conveyed in a trustworthy manner.
{snip}
> PROPOSED DESIGN:
>
> Given the above requirements the following design is proposed:
>
> On the outbound (OTBND):
>
> The following applies to locally-generated (OUTPUT) as well as forwarded
> (FORWARD) traffic.
>
> 1. OUTPUT ONLY:
> a. Set secmark of the packet to the label of the socket unless its a
> datagram, the process is privileged and is allowed to specify
> a different label for the datagram per policy (R1a, R3a, R3c).
>
> b. If there's no real socket to take the label from, and this packet is
> in response to a received packet, use the level from the received
> packet, taking the TE portion of the context from the pseudo-socket
> on whose behalf the packet is being sent.
>
Keeping in mind (R1a), I wonder if it makes more sense for (OTBND1a) to take
the label of the process/domain which sends the data to the socket? After
all, the process/domain is the "origin" of the data. This seems to be
particularly important in the case of fork()-then-exec() where you could have
a socket created at a different context from the domain currently writing to
it.
--
paul moore
linux security @ hp
next prev parent reply other threads:[~2006-06-27 1:53 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-06-26 23:05 Labeled Networking Requirements and Design (formerly RE: [PATCH 01/06] MLSXFRM: Granular IPSec associations for use in MLS environments) Venkat Yekkirala
2006-06-27 0:29 ` James Morris
2006-06-27 1:53 ` Paul Moore [this message]
2006-06-27 15:45 ` Venkat Yekkirala
2006-06-27 15:47 ` Venkat Yekkirala
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200606262153.48251.paul.moore@hp.com \
--to=paul.moore@hp.com \
--cc=davem@davemloft.net \
--cc=eparis@redhat.com \
--cc=jmorris@namei.org \
--cc=netdev@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
--cc=vyekkirala@trustedcs.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).