[redhat-lspp] LSPP/RBACPP requirements v.002
Chad Hanson
chanson at TrustedCS.com
Wed Sep 28 17:44:52 UTC 2005
> A few comments/questions:
>
> - The "MLS policy and function requirement" says that we need a "real"
> MLS policy still. I assume TCS has one, is it available?
> Also, ideally
> we'd like to see the reference policy (with MCS and MLS changes
> included) used as the baseline for the effort if it matures in time.
>
We are in the process of updating our current MLS policy to rawhide sources.
We hope this should be done soon. We can provide a patch to the MLS policy
that Dan Walsh is maintaining currently and work out any kinks so we can get
this into rawhide.
>
> - With regard to the state of the "Label translation" requirement,
> libselinux upstream and in Fedora now includes the necessary
> infrastructure to support transparent label translations for
> applications that use it. TCS has a patch for procps to make it use
> libselinux rather than directly reading /proc/pid/attr/current so that
> it will also use the translations, and has submitted it upstream.
> Fedora has a libsetrans that performs the actual translation for their
> MCS policy, but we'll need to generalize it or drop in a different one
> for MLS I think. I assume TCS has one, but I think it then communicates
> with a daemon that internally uses the MITRE library. MITRE
> was open to the idea of open sourcing their library, but TCS didn't seem
to think
> that would be worthwhile versus just creating a clean reimplementation
> for anyone who isn't bound to using the MITRE one. Not sure what others
think.
>
We do have our own MITRE translation library. I would think we should either
extend the current libsetrans to support a generic MLS translator based on
whether the config is MCS or MLS or just create a new libsetrans. I don;t
know which is the best approach here.
> - I'm a bit unclear on the "Multilevel xinetd" and "Multilevel sshd"
> requirements. Using the label of the incoming connection implies an
> obvious trust burden on the client, and that is all done prior to any
> normal user authentication mechanisms by the application, so
> it may have little relevance to the actual authorized label for the user.
> The sshd selinux patch performs explicit transitions to an appropriate
security
> context for the user after authentication already.
>
We do have an xinetd patch I can post. I need to check on openssh.
-Chad
More information about the redhat-lspp
mailing list