[redhat-lspp] Requirements gathering

Frank Mayer mayerf at tresys.com
Tue May 24 15:23:22 UTC 2005


James Morris wrote:
>
> 15) Better revocation (e.g. for mmap'd files).

Better revocation in general is a good goal as a practical matter. However I
don't think it is "required" for LSPP. I presume the issue is due to object
relabeling. The presumption for MLS is that objects are not relabeled
(tranquility), though all lower assurance systems had some explicit
privileged procedure to relabel for pragmatic reasons. In practice,
applications put on MLS systems have been using relabeling as a means to
bypass the MLS policy, but that's not an issue for evaluation.

Soap Box: SELinux has type enforcement which should be the trust/integrity
mechanism (rather than contorted MLS) so I would hope the poor application
practice of object relabeling will dissipate in SELinux. Certainly the mode
we're moving all our DoD customers to in our SELinux-based MLS applications.



