MLS levels and the initial SID for kernel_t

[Chad Hanson]

The kernel on an MLS system should be at system high. There is a range
transition rule for init to transition to s0 (system low). fsck should have
mls privileges to read the raw devices which are protected at system high,
the same label as the kernel. If these privileges are missing we need to add
them into the policy.

The kernel itself shouldn't be a ranged object, it should system high,
especially since this should also be the label of devices such as kmem,
because they don't arbitrate access to objects, but instead give access to
raw data (memory). Since the data is raw, the safe assumption to make is
that the data might be system_high so it should be labeled as such. The same
holds true for unlabeled files.

Interfaces such as filesystems arbitrate access to data and make an MLS
decision based on the label of subject and object.

-Chad

> Paul Moore wrote:
> 
> > Dan's latest MLS policy RPM (as well as some past versions) has a 
> > patch in it, mlspol.patch, which contains the following change for 
> > initial_sid_contexts:
> >
> >  -sid kernel        system_u:system_r:kernel_t:s0 - s9:c0.c127
> >  +sid kernel        system_u:system_r:kernel_t:s9:c0.c127
> >
> > From what I can tell this causes some problems, the biggest 
> of which 
> > being that init starts at s9 which can cause the system to 
> die on boot 
> > when trying to fsck the filesystems.  I'm not entirely sure 
> why this 
> > change was made as I would think we would want the kernel to run at 
> > s0-s9 or at the very least s0.  Can someone clue me in as to why we 
> > want to run the kernel at s9 or, Dan, can you change it 
> back to s0 - s9?
> >
> > Thanks,
> >
> I will go with either way.  I don't recall why the change was made.
>