MCS -- some comments for discussion
Gene Czarcinski
gene at czarc.net
Mon Nov 7 14:50:55 UTC 2005
On Sunday 06 November 2005 20:04, James Morris wrote:
> On Sun, 6 Nov 2005, Gene Czarcinski wrote:
> > 2. As I see it, MCS is "simply" another type of ACL but one which (to
> > me) is a better design (more useable) than the existing ACL capability.
> > However, whereas I can categorize (protect) both files and directories
> > with ACL, I can currently only categorize (protect) files (not
> > directories) with MCS. I consider this to be a problem/deficiency.
> >
> > Consider that when I create new application files (e.g, with
> > openoffice.org), they will not have a category assigned by default. This
> > could leave a sensitive file available for others to access. With
> > directory protection, this could be mitigated.
>
> Yes, inheriting a directory's categories on file creation (only) is
> something we'll probably investigate soon.
I am not sure that "inheriting a directory's categories on file creation
(only)" is the right answer (although it is one I could live with). I can
envision a situation where the files under a directory would be a mix of
categories. My point is that if a directory is categorized, then I should
not be able to see the files under that directory unless I was authorized for
that category.
BTW, one "little" annoyance that I forgot to mention. If I have a file
categorized s0:moonbean and then I copy it with "cp -p", the copied file has
default categorization -- s0:. That is, the security attributes are not
preserved. While I can get them preserved if I use "cp --preserve=all", I
believe that this should be the default if I specify "-p".
Gene
More information about the fedora-selinux-list
mailing list