SELinux Mailing List
Re: MCS policy patch
From: Russell Coker <russell_at_coker.com.au>
Date: Sat, 4 Feb 2006 10:10:22 +1100
We aren't using them yet in any other policy, but it seemed correct to add the constraint as I did. Of course we could just force the dynamic transition to stay at the same level.
> > Also the same restriction is placed on creation and relabelto for files,

For relabelto yes, but not for creation. Therefore it was possible to create objects that you could not relabel.
> > It still doesn't place any MCS restrictions on read/write for file system

Is it even possible to do that without kernel code changes? Currently it seems that the limit in this regard is the low level of the process. Also I think we want to go slowly on this and preserve the "targeted" design goal of breaking as few things as possible. We can (and will) add further constraints at later times.
> I like the idea of keeping things as absolutely as simple as possible, and

I agree.

--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page

--
This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.

Received on Fri 3 Feb 2006 - 18:10:53 EST
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |