SELinux Mailing List
Re: Multiple contexts
From: Luke Kenneth Casson Leighton <lkcl_at_lkcl.net>
Date: Wed, 12 Jan 2005 23:01:48 +0000
> single security equivalence class for analysis purposes. Think: policy

yep - and the policy analysis tools would need to understand the new format.

2) even if they did chcon -t "F1,F2" foobar, you would still expect them to be doing that as an "interim" measure whilst they were testing something _pending_ formal analysis by putting that into the policy files.

... and once they did that, i would rationally expect the analysis tools to be able to cope, to "combine"

    allow P1 F1:file read;
    allow P2 F2:file write;

into some sort of pseudo-thing ...

mmm... mmm... *thinks*... the analysis would need the macro-munging approach _anyway_ in order to "grok" the new syntax - an intermediate preprocessing stage that "notices" multiple-file-applications (including possibly expanding regexps!) and ending up with something like this:

    filetype Files_with_F1_and_F2_applied_t;
    allow P1 F1:file read;

it'd be yeurk - but doable, i think.

l.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Received on Wed 12 Jan 2005 - 17:51:31 EST
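
Added example, not part of the original message and not SELinux project code: a sketch of the preprocessing stage discussed above, which rewrites a multi-type label into one synthesized type so that single-type analysis can see the resulting equivalence class. It assumes union semantics (the combined type inherits every rule that targets any of its member types), which the message does not spell out; the `_combined_t` naming and the `expand`, `render` and `flows` helpers are hypothetical.

```python
import re
from collections import defaultdict

# Constructed inputs; P1, P2, F1, F2 and foobar are the names used in the message.
POLICY = "allow P1 F1:file read;\nallow P2 F2:file write;\n"
LABELS = {"foobar": "F1,F2", "other": "F1"}  # path -> type list, as in chcon -t "F1,F2"

# Only the single-permission form from the message is parsed, not "{ read write }" sets.
RULE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+(\w+);")

def parse(policy):
    """Return allow rules as (source, target, class, permission) tuples."""
    return [m.groups() for m in RULE.finditer(policy)]

def expand(policy, labels):
    """Rewrite multi-type labels to one synthesized type (assumed union semantics)."""
    rules = parse(policy)
    out, mapping, synthesized = list(rules), {}, set()
    for path, label in sorted(labels.items()):
        types = sorted(set(label.split(",")))
        if len(types) == 1:
            mapping[path] = types[0]
            continue
        combined = "_".join(types) + "_combined_t"  # hypothetical naming scheme
        mapping[path] = combined
        synthesized.add(combined)
        for src, tgt, cls, perm in rules:
            new = (src, combined, cls, perm)
            if tgt in types and new not in out:
                out.append(new)
    return out, mapping, sorted(synthesized)

def render(rules, synthesized):
    """Emit ordinary single-type policy text that existing tools can read."""
    lines = [f"type {t};" for t in synthesized]
    lines += [f"allow {s} {t}:{c} {p};" for s, t, c, p in rules]
    return "\n".join(lines)

def flows(rules):
    """(writer, reader) domain pairs that can pass data through a shared type."""
    readers, writers = defaultdict(set), defaultdict(set)
    for src, tgt, _cls, perm in rules:
        if perm in ("read", "write"):
            (readers if perm == "read" else writers)[tgt].add(src)
    return {(w, r) for t in writers for w in writers[t] for r in readers[t] if w != r}

if __name__ == "__main__":
    rules, mapping, synthesized = expand(POLICY, LABELS)
    print(render(rules, synthesized))
    print("flows before:", flows(parse(POLICY)), "after:", flows(rules))
```

With F1 and F2 kept separate there is no path between the two domains; once foobar carries both types, the expanded policy exposes a P2-to-P1 flow through the combined type.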
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |