[redhat-lspp] dev_allocator, udev and import/export requirements

Janak Desai janak at us.ibm.com
Thu Sep 8 14:21:12 UTC 2005 

Steve Grubb wrote:

> On Wednesday 07 September 2005 17:34, Janak Desai wrote:
> 
>>I have been looking at udev and TCS dev_allocator and I have some
>>questions.
> 
> 
> Me too. What is the real need for this utility? Does it play nicely with 
> lockdev? How does it differ from just doing a chcon on the device?
> 
> 
>>Are there patches to CUPS, login, star, etc that enforce the sensitivity
>>label ranges stored in the dev_allocator.conf file?
> 
> 
> This should be the responsibility of the OS to compare labels
> 

Yes, true. What I meant to say was, how will login handle
single level terminals or multilevel terminals with a range
of secret to top secret? How will a user cleared to top secret
be prevented from loggin in at unclassified on a terminal
marked "secret to top secret"? Does get_ordered_context_list
take login terminal into account? Similar situations apply
to printing on multilevel print device or backing up to
multilevel tape device, right? Maybe I am still stuck on
my SecureWare B1 way of thinking.


> 
>>LSPP requires that the TOE contain a mechanism by which an
>>admin can assign security attributes to devices (single level
>>or a range in case of multi-level).
> 
> 
> chcon does this for example. The audit system should be configured to hook 
> setxattr for the devices of the machine to generate audit records. No 
> userspace utility should have to do that.
> 
> 
>>These attributes are then used in the enforcement of MAC policy when
>>users/programs use these devices. I am trying to get a handle on what we
>>have to patch in order to satisfy LSPP import/export requirements with
>>respect to terminals, printers and removable devices.
> 
> 
> I'm wondering if we have to patch anything. How does this utility differ from 
> chcon + audit setup to get setxattr events? Allowing write to unlabeled or 
> read from unlabeled device could be enforced by policy. this way it has to be 
> chcon'd in order to be accessible. A boolean could override that. Changing 
> the boolean should be an auditable event.
> 

Yes, chcon + audit will take care of the requirement of manual state change. I
wasn't sure of device labels would be enforced for single and multilevel
devices.

> -Steve
> 
> --
> redhat-lspp mailing list
> redhat-lspp at redhat.com
> https://www.redhat.com/mailman/listinfo/redhat-lspp
> 
>

More information about the redhat-lspp mailing list