Re: [PATCH] Extended Attributes for Security Modules against 2.5.68

[Stephen Smalley <sds@epoch.ncsc.mil>]

On Wed, 2003-04-23 at 15:26, Christoph Hellwig wrote:
> And all these should _not_ happen in the actual tools but in a
> pluggable security module (something like pam).  Encoding any security
> policy and especially a xattr name in those utils is bad.

For many of the patched utilities, there would be no encoding of any
specific policy/module as long as you have a single attribute name,
since they are just handling the labels as strings.  It isn't clear that
PAM-like API is feasible for the wide range of different applications
that need to deal with security labels.  I don't see what value there is
in adding an extra level of indirection just to get the security label
of a file and display it, or to get it and use it to relabel a new copy
of the file to the same label.  

As a side note, please keep in mind that SELinux is itself a generic
framework for MAC policies, provides encapsulation of security labels,
and allows security models and attributes to be added or removed without
requiring changes outside of the security policy engine, which itself is
an encapsulated component of the SELinux module.

> And see, you start to contradict what you said before - with your
> suggestion cron has to know what the label means, so your selinux
> cron would do stupid things with say may Posix 1003.1e MAC filesystem.

Not exactly.  Our patch to crond uses a generic policy API that was
designed to support many different security models, so it doesn't have
to be specific to SELinux.

-- 
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency