SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Research Skip Research Menus Research Menu Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List Re: policy package names for Debian This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ In reply to ] [ Next in thread ] From: Stephen Smalley <sds_at_tycho.nsa.gov> Date: Fri, 28 Mar 2008 11:37:06 -0400 On Fri, 2008-03-28 at 10:50 -0400, Christopher J. PeBenito wrote: > On Fri, 2008-03-28 at 09:57 -0400, Stephen Smalley wrote: > > > Neglecting the above, I still disagree with dropping a TE-only > > > configuration. While you can arrive at the same configuration by having > > > one category and one sensitivity and/or dropping the MLS constraints, > > > you still get MLS bits leaking through, eg. in semanage. > > > > That's the point - the presence/absence of a context field is visible to > > users and applications no matter how much we try to encapsulate the > > contexts, and having the two different configurations makes maintenance > > and user experience more difficult/confusing. > > I think the confusion is worse for the TE-only case (emulated by no mls > constraints or only one category/sensitivity). For example, if you > short circuit the level translation to "", then people get confused when > their setexecon() fails because they haven't put :s0 at the end of the > context, but none of their ps -AZ processes have it. Thats > significantly more obtuse than people thinking "Fedora has that MCS > stuff, and Ubuntu doesn't." There is always configuration/support > variances between distros. Ah, that's likely true. And people do find the difference between MCS and MLS confusing as it is. > I'm not convinced many people actually use MCS at all. Users have a > hard enough time dealing with TE. If it wasn't for MCS I don't think > we'd even be having this discussion. For me, the value of MCS is getting the MLS support adequately tested and supported throughout the distribution. That's about it. The ideal scenario from a "mainstreaming MAC" perspective would be to have the real MLS constraints in place by default, and the only difference between the default setup and a MLS one would be whether one actually puts anything in any level other than s0. That would carry some cost from the constraint evaluation on compute_av calls, but that should be largely masked by the AVC. It shouldn't really affect memory or disk use as long as everything defaults to s0 and no categories. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. Received on Fri 28 Mar 2008 - 11:39:08 EDT This message: [ Message body ] Next message: Joshua Brindle: "RE: file(1)" Previous message: Stephen Smalley: "Re: Debian SE Linux status" In reply to: Christopher J. PeBenito: "Re: policy package names for Debian" Next in thread: Russell Coker: "Re: policy package names for Debian" Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom