SELinux Mailing List
RE: Denials from newest kernel
From: Venkat Yekkirala <vyekkirala_at_TrustedCS.com>
Date: Fri, 6 Oct 2006 11:11:19 -0400
Stephen and others can correct me if I am wrong, but while the naming was bin/null'd AFTER the con call, the policy was going to be done substantially as related in the peer conversation.
> the conference
1(a). packets "carry" originating socket domains
1(b). domains "recv" from other domains the packets are "carrying".

> 2) packets flow_in and flow_out associations
2(a) Associations again merely "carry" the domain of the originating socket and as such are not of much relevance.
2(b) domains as carried by packets can either flow_in or flow_out of the security points as defined using the secmark rules.

> 3) domains polmatch spd's (which are classified as associations)
I wish the association class were renamed more like "ipsec" considering the only 2 perms used in there are polmatch and setcontext.

> 4) domains sendto/recvfrom associations
In the compat_net case, yes. But not in the secmark world.
Received on Fri 6 Oct 2006 - 11:11:25 EDT
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |