On Wed, 2003-04-23 at 15:26, Christoph Hellwig wrote: > And all these should _not_ happen in the actual tools but in a > pluggable security module (something like pam). Encoding any security > policy and especially a xattr name in those utils is bad. For many of the patched utilities, there would be no encoding of any specific policy/module as long as you have a single attribute name, since they are just handling the labels as strings. It isn't clear that PAM-like API is feasible for the wide range of different applications that need to deal with security labels. I don't see what value there is in adding an extra level of indirection just to get the security label of a file and display it, or to get it and use it to relabel a new copy of the file to the same label. As a side note, please keep in mind that SELinux is itself a generic framework for MAC policies, provides encapsulation of security labels, and allows security models and attributes to be added or removed without requiring changes outside of the security policy engine, which itself is an encapsulated component of the SELinux module. > And see, you start to contradict what you said before - with your > suggestion cron has to know what the label means, so your selinux > cron would do stupid things with say may Posix 1003.1e MAC filesystem. Not exactly. Our patch to crond uses a generic policy API that was designed to support many different security models, so it doesn't have to be specific to SELinux. -- Stephen Smalley <sdsat_private> National Security Agency _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Apr 23 2003 - 12:52:54 PDT