Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRE: [RFC & PATCH] inherited type definition.
From: Karl MacMillan <kmacmillan_at_tresys.com>
Date: Thu, 17 Mar 2005 14:15:42 -0500
This is a valid criticism - I don't have a concrete suggestion for my requirements and I'll stop pushing it until I or someone else comes up with a solution. I do, however, have a concrete alternative to this patch. After thinking about this for a while, I think that the best alternative to this patch right now is macros and simple copying of policy. One of the stated uses for this patch is to allow naïve users to create a policy based on an existing correct policy. Leaving aside whether it is a good idea for naïve users to write straight SELinux policy, the problem with the extends syntax is that it only allows for the creation of a superset of one or more existing types (I guess that it can also create a copy, but then there would be no reason for a new type). I assert that in most cases the creation of a new policy that is similar to an existing policy will not result in this clean superset. It is much easier to simply copy the existing .te file, run search and replace to change the type names, and tweak as necessary. The other uses for this syntax that I have seen suggested is to ease the creation of two or more types that have a similar base set of permissions. I think that macros address this use case well now and could be improved in the future. The base_passwd_domain macro provides an example of how this is done. I think that this is more understandable and easier to analyze than the extends syntax, especially because the extends semantic is subtle (it has resulted in considerable debate and it is still not clear exactly what is allowed and what is not). With the extends syntax the entire policy must be examined to understand what a type declaration actually allows if it includes an extend statement. Macros are not perfect, but there is some hope that a single macro (or a handful if it chains) is all that will have to be examined to have a reasonable understanding of the allowed access resulting from a macro call. Discipline in macro writing can make this situation even better. I think that it is better to only add policy syntax when it solves a problem that cannot be currently solved. Karl --- Karl MacMillan Tresys Technology http://www.tresys.com (410) 290-1411 ext 134Received on Thu 17 Mar 2005 - 14:22:47 EST |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |