* Interpret security context
@ 2004-09-01 14:36 Park Lee
2004-09-01 16:48 ` Stephen Smalley
0 siblings, 1 reply; 2+ messages in thread
From: Park Lee @ 2004-09-01 14:36 UTC (permalink / raw)
To: selinux
[-- Attachment #1: Type: text/plain, Size: 944 bytes --]
Hi,
In subsection 5.2.1 Object Labeling of <<The Flask Security Architecture: System Support for Diverse Security Policies>>, it says:
A security context, the first policy-independent data type, is a variable-length string which can be interpreted by any application or user with an understanding of the security policy.
While, In subsection 2.1.Flask Concepts of <<Configuring the SELinux Policy>>, it says:
The content and format of a security context depends on the particular security model, so a security context is only interpreted by the security server.
Then, Who can interpret the security context except security server? Can any application or user with an understanding of the security policy interpret the security context in the end?
--
Best Regards,
Park Lee <parklee_sel@yahoo.com>
---------------------------------
Do you Yahoo!?
Win 1 of 4,000 free domain names from Yahoo! Enter now.
[-- Attachment #2: Type: text/html, Size: 1569 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Interpret security context
2004-09-01 14:36 Interpret security context Park Lee
@ 2004-09-01 16:48 ` Stephen Smalley
0 siblings, 0 replies; 2+ messages in thread
From: Stephen Smalley @ 2004-09-01 16:48 UTC (permalink / raw)
To: Park Lee; +Cc: selinux
On Wed, 2004-09-01 at 10:36, Park Lee wrote:
> Hi,
> In subsection 5.2.1 Object Labeling of <<The Flask Security
> Architecture: System Support for Diverse Security Policies>>, it says:
> A security context, the first policy-independent data type, is a
> variable-length string which can be interpreted by any application or
> user with an understanding of the security policy.
>
> While, In subsection 2.1.Flask Concepts of <<Configuring the
> SELinux Policy>>, it says:
> The content and format of a security context depends on the
> particular security model, so a security context is only interpreted
> by the security server.
>
> Then, Who can interpret the security context except security
> server? Can any application or user with an understanding of the
> security policy interpret the security context in the end?
No conflict there. The context _can_ be interpreted by anything that
understands the policy; the context _is_ only interpreted by the
security server in the Flask architecture (i.e. it is _not_ interpreted
by the object managers). The point is that the context intepretation
requires knowledge of the policy, while the object managers are policy
neutral.
--
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2004-09-01 16:50 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2004-09-01 14:36 Interpret security context Park Lee
2004-09-01 16:48 ` Stephen Smalley
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.