Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: Added is_context_configurable function
From: Stephen Smalley <sds_at_epoch.ncsc.mil>
Date: Wed, 12 Jan 2005 09:19:15 -0500
That is also my view. However, if people are going to run setfiles or restorecon at runtime to check or set contexts (which is current practice in Fedora), then we do need a way to distinguish legitimate customizations from what are essentially bugs in the policy (e.g. lack of a file type transition rule) or applications (e.g. failure to preserve or set context on a file where file type transition rules are insufficient). The file contexts configuration seemed like a reasonable way to capture that distinction to me. Two questions: 1) Is it sufficient to identify legitimate customizations based solely on the TE type of the file? If not, what other information should be taken into account, irrespective of whether this is done via file_contexts or via a different config file? 2) Is it feasible for the policy writer to identify all such TE types a priori in the policy without covering such a large set as to make setfiles/restorecon completely useless by default? If not, what mechanism will be provided to allow users/admins to easily mark additional types without conflicting with future policy updates? -- Stephen Smalley <sds@epoch.ncsc.mil> National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Wed 12 Jan 2005 - 09:25:19 EST |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |