<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.3527" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=921225713-23042009><FONT face=Arial
color=#0000ff size=2>Hi,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=921225713-23042009><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=921225713-23042009><FONT face=Arial
color=#0000ff size=2>The MLS policy is defined via the MLS contraints file (<A
href="http://oss.tresys.com/projects/refpolicy/browser/trunk/policy/mls">http://oss.tresys.com/projects/refpolicy/browser/trunk/policy/mls</A>).
The default MLS policy in SELinux a modified Bell-LaPadula that enforces "no
read up, write equal". </FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=921225713-23042009><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=921225713-23042009><FONT face=Arial
color=#0000ff size=2>The process clearance label isn't going to really come up
into play for these access decisions, the effective SL of process is the key
factor being utilized, as known as "l1" in the mls constraint language.
</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=921225713-23042009><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=921225713-23042009><FONT face=Arial
color=#0000ff size=2>The type of the process of the process is very important
when analyzing the results. There are certain types, such as sysadm_t, which
have mls privileges, such as mlsfileread (<A
href="http://oss.tresys.com/projects/refpolicy/browser/trunk/policy/modules/system/userdomain.if#L1214">http://oss.tresys.com/projects/refpolicy/browser/trunk/policy/modules/system/userdomain.if#L1214</A>).</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=921225713-23042009><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=921225713-23042009><FONT face=Arial
color=#0000ff size=2>All of this impacts the ability to read and write files on
the system.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=921225713-23042009><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=921225713-23042009><FONT face=Arial
color=#0000ff size=2>A couple fo slidesets on the MLS implementation are
available below....</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=921225713-23042009><FONT face=Arial
color=#0000ff size=2><A
href="http://selinux-symposium.org/2005/presentations/session3/3-3-hanson.pdf">http://selinux-symposium.org/2005/presentations/session3/3-3-hanson.pdf</A></FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=921225713-23042009><FONT face=Arial
color=#0000ff size=2><A
href="http://selinux-symposium.org/2006/slides/08-mls.pdf">http://selinux-symposium.org/2006/slides/08-mls.pdf</A></FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=921225713-23042009><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=921225713-23042009><FONT face=Arial
color=#0000ff size=2>-Chad</FONT> </SPAN></DIV><BR>
<BLOCKQUOTE
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> fedora-selinux-list-bounces@redhat.com
[mailto:fedora-selinux-list-bounces@redhat.com] <B>On Behalf Of </B>Mohammad
zoroufi<BR><B>Sent:</B> Thursday, April 23, 2009 6:45 AM<BR><B>To:</B>
fedora-selinux-list@redhat.com<BR><B>Subject:</B> No Read Up No Write
Down<BR></FONT><BR></DIV>
<DIV></DIV>Dear All,<BR>After switching on SELinux in MLS enforcing mode, I'd
like to know how the slogan of "no read up, no write <BR><BR>down" works.<BR>I
created some text files with the following
descriptions<BR>TestFile_S0
system_u:object_r:usr_t:s0<BR>TestFile_S0C2
system_u:object_r:usr_t:s0:c2<BR>TestFile_S1
system_u:object_r:usr_t:s1<BR>TestFile_S2
system_u:object_r:usr_t:s2<BR>TestFile_S2C11
system_u:object_r:usr_t:s2:c11<BR>TestFile_S2C5
system_u:object_r:usr_t:s2:c5<BR>TestFile_S3
system_u:object_r:usr_t:s3<BR>TestFile_S3C14
system_u:object_r:usr_t:s3:c14<BR>TestFile_S3C5
system_u:object_r:usr_t:s3:c5<BR>After creating these text file, I went to
create users having different security clearance;<BR>The clearance of each
created user is listed bellow:<BR><BR><B>Login Name SELinux
User Role
MLS/MCS Range</B><BR>first
x_first
xguest_r
s0<BR>second
x_second
sysadm_r
s3-s3:c5.c15<BR>third
x_third
sysadm_r
s1:c3.c15-s3:c5.c10<BR>forth
x_forth
system_r
s1-s1:c0.c10<BR>root
root
system_r
s0-s15:c0.c1023<BR><BR>having the clearance delegated for each user I expect
user first have read write access to TestFile_S0 and just <BR>write access to
all other files; user second have read access to files such as TestFile_S0,
TestFile_S0C2, <BR>TestFile_S2, TestFile_S2C5, TestFile_S2C11 and only write
access to TestFile_S3, TestFile_S3C14.<BR>when I switch to MLS enforcing mode
I see something else.<BR>These users have no permission to write to files they
expect they have write access to.<BR>I'd like to know the where this problem
originates<BR>Moreover when user first wants to take a list of the directory
contents only TestFile_S0, TestFile_S1, <BR>TestFile_S2 are listed not else;
user second sees TestFile_S0, TestFile_S1, TestFile2, TestFile3; users
<BR>third and root sees all files; user forth sees just TestFile_S0 not
more.<BR>I don't know why such lists are taken when I'd like to take a
list.<BR>Any comment is wellcome<BR><BR>Best
Regards<BR></BLOCKQUOTE></BODY></HTML>