SELinux Mailing List

Re: Multiple contexts

From: Luke Kenneth Casson Leighton <lkcl_at_lkcl.net>
Date: Wed, 12 Jan 2005 22:41:05 +0000


On Wed, Jan 12, 2005 at 04:27:16PM -0500, Stephen Smalley wrote:
> On Wed, 2005-01-12 at 13:29, Luke Kenneth Casson Leighton wrote:
> > i don't believe it does - or i am misunderstanding.
> >
> > having two policy files apache.fc and mymodifiedthing.fc which _both_
> > have a file context for the same file / directory, such that the
> > data that ends up in the security.selinux xattr is "apache_filetype_t,
> > "mymodifiedthing_filetype_t" doesn't mean, in my book "policy is in
> > filesystem state".
> >
> > ... does it?
> >
> > *lost*.
>
> The file_contexts configuration is not part of the kernel policy. It is
> only used by userspace to set the contexts for files upon installation,
> to recheck the state of the filesystem against the initial labeling
> state, or to restore portions of the filesystem to the initial labeling
> state.
>
> If you change the SELinux module to support a list of file contexts
> within the security.selinux attribute, and change its policy engine to
> allow access if any access is allowed to any one of those contexts, then
> the only way to truly identify what information flow is possible in the
> system is by checking the current security.selinux attributes of all
> files in the system for such combinations and collapsing them to a
> single security equivalence class for analysis purposes.

 ah, yuk.

 ... so, ultimately, it would be better to have some m4-macro-based tools that do that, munging to an intermediate step (which is same as what we have now) and then munging _that_ to a binary policy file (exactly as is now).

 l.  

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
Received on Wed 12 Jan 2005 - 17:30:41 EST
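The analysis Stephen describes above (collapsing every multi-context combination found on disk into one equivalence class, then asking what a subject could do to that class if access is granted when any one listed context allows it) can be sketched as a small script. This is an added example, not code from the thread or from the SELinux project; the file-type names `apache_filetype_t` and `mymodifiedthing_filetype_t` come from the discussion, while the subject types `httpd_t` and `myapp_t`, the allow rules and the file listing are constructed inputs standing in for a real policy and a real `security.selinux` walk.

```python
from collections import defaultdict
from itertools import product

# Constructed allow rules: (subject_type, object_type, permission).
# Neither "policy" alone lets httpd_t read anything myapp_t can write.
ALLOW = {
    ("httpd_t", "apache_filetype_t", "read"),
    ("httpd_t", "apache_filetype_t", "getattr"),
    ("myapp_t", "mymodifiedthing_filetype_t", "read"),
    ("myapp_t", "mymodifiedthing_filetype_t", "write"),
}

# Constructed stand-in for walking the filesystem and reading the
# hypothetical multi-valued security.selinux attribute of each file.
FILES = {
    "/var/www/html/index.html": ("apache_filetype_t",),
    "/var/www/html/shared.db": ("apache_filetype_t", "mymodifiedthing_filetype_t"),
    "/srv/myapp/data": ("mymodifiedthing_filetype_t",),
    "/srv/myapp/other": ("mymodifiedthing_filetype_t", "apache_filetype_t"),
}


def equivalence_class(contexts):
    """Canonical form of a multi-context label: the order on disk is irrelevant."""
    return frozenset(contexts)


def collapse(files):
    """Group every file under its equivalence class (the analysis step Stephen describes)."""
    classes = defaultdict(list)
    for path, ctxs in files.items():
        classes[equivalence_class(ctxs)].append(path)
    return dict(classes)


def allowed_any(allow, subject, eq_class, perm):
    """The hypothetical engine: grant if ANY member context allows the access."""
    return any((subject, obj, perm) in allow for obj in eq_class)


def effective_perms(allow, eq_class):
    """Per subject, the union of permissions over all member contexts."""
    perms = defaultdict(set)
    for subj, obj, perm in allow:
        if obj in eq_class:
            perms[subj].add(perm)
    return dict(perms)


def information_flows(allow, files):
    """(writer, reader, class) triples: a subject that can write a class feeding one that can read it."""
    result = set()
    for cls in collapse(files):
        perms = effective_perms(allow, cls)
        writers = {s for s, p in perms.items() if "write" in p}
        readers = {s for s, p in perms.items() if "read" in p}
        for w, r in product(writers, readers):
            if w != r:
                result.add((w, r, cls))
    return result


if __name__ == "__main__":
    for cls, paths in collapse(FILES).items():
        print(sorted(cls), "->", paths, effective_perms(ALLOW, cls))
    for w, r, cls in information_flows(ALLOW, FILES):
        print(f"flow {w} -> {r} via {sorted(cls)}")
```

Running it shows the point of the objection: the two policies are individually tight, yet the files carrying both labels form a third class through which `myapp_t` writes and `httpd_t` reads, a flow that appears nowhere in the policy text and can only be discovered by inspecting the attributes actually present on the filesystem.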
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009


National Security Agency / Central Security Service