Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: [RFC & PATCH] inherited type definition.
From: Stephen Smalley <sds_at_tycho.nsa.gov>
Date: Mon, 14 Mar 2005 10:22:12 -0500
I would not expect there to be any difference, as self is just a convenience notation, and in this particular example, someone who writes either form likely would not want the child to be able to kill the parent without an explicit allow rule from the child to the parent.
> except that wouldn't work if there's a "special" meaning given The policy compiler can (and does) distinguish self for processing, e.g.
allow domain self:process sigkill;
allow domain0_t domain0_t:process sigkill; allow domain1_t domain1_t:process sigkill; ... Hence, the policy compiler can handle self differently if desired, but in this case, I don't think we want it to be handled differently.
> subdivide the parent domain into rules which you do want to be Yes, but if you are willing to refactor existing domains in this manner, then it is unclear that you gain much benefit from having the inheritance support (vs. just defining macros that partition the domain in the same manner, and only including the desired macros in the "child" domains).
> 5) what about multiple inheritance? I think that KaiGai's patch allows for such multiple inheritance, but think about the implications there for type transition rules - what happens if they have a different default transition on the same executable type? If you look at existing derived domains for programs, you'll see that they don't fall neatly into this kind of inheritance scheme, as they gain some permissions that aren't directly allowed to the user domain and drop some permissions (and most/all transitions) possessed by the user domain that the program doesn't need. -- Stephen Smalley <sds@tycho.nsa.gov> National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Mon 14 Mar 2005 - 10:35:28 EST |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |