All of lore.kernel.org
 help / color / mirror / Atom feed
From: Michal Svoboda <michal.svoboda@agents.felk.cvut.cz>
To: selinux@tycho.nsa.gov
Subject: Re: MCS and default labels
Date: Wed, 9 Sep 2009 12:06:47 +0200	[thread overview]
Message-ID: <20090909100647.GE24297@myhost.felk.cvut.cz> (raw)
In-Reply-To: <1252429805.13634.423.camel@moss-pluto.epoch.ncsc.mil>

[-- Attachment #1: Type: text/plain, Size: 2318 bytes --]

Stephen Smalley wrote:
> Unfortunately for you, MCS is using the existing MLS engine, which
> doesn't presently support inheritance from parent directory (unlike the
> TE engine).  So to support the behavior you want, you'd have to modify
> the actual code (and that's kernel code).  Thus, you are more likely to
> find success using actual MLS or using TE.

Let me see if I can come up with a simple patch that does the work. It
sounds better than rewriting each app to actually change the labels for
themselves. (Is there even an API for specifying MCS label prior to file
creation? If it has to be changed after the file exists then it's a huge
race condition style hole.)

> > Secondly I don't see why a user is not able to discretionarily specify
> > his range outright when going via ssh just as he can with roles. 
> 
> That's another artifact of the MLS model (label preservation /
> confinement).

Unfortunately here I have no idea on what code should I look to remove
that artifact.

> > No. MLS is about strict ordering 0 < 1 < 2 ... I just want a partially
> > ordered set. I want compartments, not sensitivities. MCS and MLS are
> > orthogonal, at least by their theoretical properties (and SELinux MCS
> > strongly resembles the theory in practice).
> 
> I think you're confused about MLS; it supports a set of hierarchical
> sensitivities and a set of non-hierarchical categories, and MCS is
> nothing more than a particular configuration of the MLS engine.  So you
> are free to just use a single MLS sensitivity and only use its
> categories.  

I think I am not confused. There are two principles, sensitivities and
categories. Categories do have hierarchy, just not a strictly ordered
one. For any two categories one could find a supremal and infimal ones,
and that's what contributes to the quadratic number of types should TE
be used instead.

A MCS system is then just taking advantage of the categories principle,
and not utilising the sensitivities one. That is perfectly what I want,
but I just want it to be usable on my use case, ie. files inheriting
categories from parent dirs, which I think is perfectly valid. I see
this topic recurring and the standard reply "use something else than
MCS" is just weird at least.

Regards,
Michal Svoboda

[-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --]

  reply	other threads:[~2009-09-09 10:07 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-09-08  5:58 MCS and default labels Michal Svoboda
2009-09-08 15:35 ` Stephen Smalley
2009-09-08 16:36   ` Michal Svoboda
2009-09-08 17:10     ` Stephen Smalley
2009-09-09 10:06       ` Michal Svoboda [this message]
2009-09-09 12:17         ` Stephen Smalley
2009-09-09 13:19           ` Michal Svoboda
2009-09-09 13:34             ` Stephen Smalley
2009-09-09 13:59               ` Michal Svoboda
2009-09-09 14:34                 ` Stephen Smalley
2009-09-14  8:19           ` Michal Svoboda
2009-09-14 12:20             ` Stephen Smalley
2009-09-14 13:00               ` Stephen Smalley
2009-09-15  6:32               ` Michal Svoboda
2009-09-15 11:16                 ` Stephen Smalley
2009-09-27  7:34           ` Russell Coker
2009-09-28 13:37             ` Stephen Smalley
2009-09-28 20:57               ` Russell Coker
2009-09-28 23:22               ` Kyle Moffett
2009-09-29 12:21                 ` Stephen Smalley
2009-09-29 13:54                   ` Kyle Moffett
2009-09-29 20:54                     ` Paul Moore
2009-09-30  3:51                       ` Kyle Moffett
2009-09-30 13:19                         ` Paul Moore
2009-09-30 13:49                           ` Kyle Moffett
2009-09-30 14:20                             ` Paul Moore

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20090909100647.GE24297@myhost.felk.cvut.cz \
    --to=michal.svoboda@agents.felk.cvut.cz \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.