[redhat-lspp] dev_allocator, udev and import/export requirements
Stephen Smalley
sds at tycho.nsa.gov
Thu Sep 8 14:42:59 UTC 2005
On Thu, 2005-09-08 at 10:21 -0400, Janak Desai wrote
> Yes, true. What I meant to say was, how will login handle
> single level terminals or multilevel terminals with a range
> of secret to top secret? How will a user cleared to top secret
> be prevented from loggin in at unclassified on a terminal
> marked "secret to top secret"? Does get_ordered_context_list
> take login terminal into account? Similar situations apply
> to printing on multilevel print device or backing up to
> multilevel tape device, right? Maybe I am still stuck on
> my SecureWare B1 way of thinking.
get_ordered_context_list/get_default_context doesn't take the terminal
into account per se, although it does take the context of the calling
process into account (the fromcon, which defaults to the result of a
getcon(3) if left NULL). Hence, you could run different login processes
with different ranges, although setup might be a pain.
Another option would be to amend the mls_compute_sid logic so that it
will fail if the process level falls outside of the original tty range.
At present, it doesn't take the original tty context into account at
all; it just sets the level in the returned context to the process
level, so that login et al relabel the tty to the same level as the user
session without considering the original level/range on the tty.
Or you could try to catch it upon the actual relabel (setfilecon)
operation by login et al, by defining a mlsvalidatetrans constraint that
prohibits the tty from being relabeled outside of its original range.
Although I'm not sure how you would then deal with the need to restore
it upon session close.
--
Stephen Smalley
National Security Agency
More information about the redhat-lspp
mailing list