
SELinux Mailing List

Re: [PATCH] MLS interface update

From: Christopher J. PeBenito <cpebenito_at_tresys.com>
Date: Mon, 13 Mar 2006 10:33:31 -0500


On Fri, 2006-03-10 at 10:23 -0600, Chad Hanson wrote:
> This patch updates existing mls interfaces and summaries to reflect
> the current mls constraints. Also, there are new interface
> definitions for some mls attributes which were lacking interfaces.

Now that refpolicy is in a release OS (FC5 final), the interfaces have to be stabilized, so we can't change interface names without compatibility interfaces. The interface additions would be ok, but upon closer examination of the constraints, why are the reads traditional BLP (l1 dom l2), but the writes aren't (l1 eq l2 for { file lnk_file fifo_file }, and (l1 dom l2 and l1 domby h2) for { dir chr_file blk_file sock_file })? In fact, the (l1 dom l2 and l1 domby h2) doesn't look correct to me; (l1 domby l2) seems right. It appears the write constraints are being used for integrity (at least for file, lnk_file and fifo_file), but we already have TE for this purpose.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150


Received on Mon 13 Mar 2006 - 10:32:58 EST
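
The dominance operators and the constraint expressions named in the message above, as an added example that is not part of the original post or of refpolicy. It assumes l1 is the source's low level and l2/h2 are the target's low and high levels, as in SELinux mlsconstrain expressions; the Level model, function names and sample levels are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Level:
    sens: int                      # sensitivity index, e.g. s1 -> 1
    cats: frozenset = frozenset()  # category set, e.g. {"c0", "c3"}

def dom(a, b):    # a dominates b: sensitivity >= and categories are a superset
    return a.sens >= b.sens and a.cats >= b.cats

def domby(a, b):  # a is dominated by b
    return dom(b, a)

def eq(a, b):
    return a.sens == b.sens and a.cats == b.cats

# Expressions discussed in the message (l1: source low; l2/h2: target low/high).
def read_blp(l1, l2, h2):     return dom(l1, l2)                    # l1 dom l2
def write_eq(l1, l2, h2):     return eq(l1, l2)                     # l1 eq l2
def write_ranged(l1, l2, h2): return dom(l1, l2) and domby(l1, h2)  # l1 dom l2 and l1 domby h2
def write_up(l1, l2, h2):     return domby(l1, l2)                  # l1 domby l2

def evaluate(l1, l2, h2):
    """Return which of the four expressions hold for one source/target pair."""
    checks = (read_blp, write_eq, write_ranged, write_up)
    return {f.__name__: f(l1, l2, h2) for f in checks}

def lvl(sens, *cats):
    return Level(sens, frozenset(cats))

# Constructed sample cases: (l1, l2, h2)
CASES = {
    "same level":          (lvl(1, "c0"), lvl(1, "c0"), lvl(1, "c0")),
    "source below target": (lvl(0), lvl(1, "c0"), lvl(1, "c0")),
    "source above target": (lvl(2, "c0", "c1"), lvl(1, "c0"), lvl(1, "c0")),
    "inside target range": (lvl(1, "c0"), lvl(0), lvl(2, "c0", "c1")),
    "incomparable cats":   (lvl(1, "c1"), lvl(1, "c0"), lvl(1, "c0")),
}

if __name__ == "__main__":
    for name, (l1, l2, h2) in CASES.items():
        print(f"{name:20} {evaluate(l1, l2, h2)}")
```

For a single-level target (l2 equal to h2) the ranged expression holds only when l1 equals l2; it differs from the equality form only when the target carries a range.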
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009

 

National Security Agency / Central Security Service