[redhat-lspp] Xinetd patch
Joy Latten
latten at austin.ibm.com
Thu Sep 29 21:32:16 UTC 2005
On Thu, 2005-09-29 at 10:34 -0400, Chad Hanson wrote:
> >
> > It's common practice to use telnet to connect to services to
> > check if they are working, for example, ftp or imap. I don't
> > think you really want xinetd launching things at the
> > originating connection's context.
> >
> > I think we are better off extending xinetd to understand MLS
> > networking.
> >
>
> I agree with not using the entire context, but just the MLS label as Stephen
> mentioned. It is not feasible or desired to start a secret telnet connection
> from an unclassified network obviously... Also nor should the clearance of
> the new session be greater than unclassified. The only ways I can think of
> currently to get the MLS label of a connection are a getpeercon or else
> querying the policy to the MLS label of the client, the latter won't work in
> a trusted networking environment. Adding restrictions into xinetd for MLS
> may be useful.
>
I am in learning mode, what does "querying the policy to the MLS label
of the client" mean?
Regards,
Joy
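
An added example, not code from xinetd or from anyone in this thread: keeping the service's own user, role and type while taking only the MLS range from the peer's context, which is the approach discussed in the quoted text above. It assumes the peer context is the string getpeercon() would return; `splice_mls`, `nth_colon` and the sample contexts are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Offset of the n-th ':' in ctx, or -1 if ctx has fewer than n colons. */
static long nth_colon(const char *ctx, int n)
{
    for (long i = 0; ctx[i] != '\0'; i++)
        if (ctx[i] == ':' && --n == 0)
            return i;
    return -1;
}

/*
 * Build the context for the launched service: user:role:type from the
 * service's configured context, MLS range from the peer's context.
 * The range is everything after the third ':' and may itself contain ':'
 * (e.g. "s2:c1,c5"). Returns 0 on success, -1 if the caller should refuse
 * the connection.
 */
int splice_mls(const char *service_ctx, const char *peer_ctx,
               char *out, size_t outlen)
{
    long peer_sep = nth_colon(peer_ctx, 3);
    if (peer_sep < 0 || peer_ctx[peer_sep + 1] == '\0')
        return -1;              /* peer has no MLS label: fail closed */
    if (nth_colon(service_ctx, 2) < 0)
        return -1;              /* not even user:role:type */

    long svc_sep = nth_colon(service_ctx, 3);
    size_t prefix = svc_sep >= 0 ? (size_t)svc_sep : strlen(service_ctx);

    int n = snprintf(out, outlen, "%.*s:%s",
                     (int)prefix, service_ctx, peer_ctx + peer_sep + 1);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;   /* truncation is an error */
}

int main(void)
{
    /* Constructed sample contexts, not taken from any real policy. */
    const char *service = "system_u:system_r:ftpd_t:s0-s15:c0.c1023";
    const char *peer = "user_u:user_r:user_t:s0";   /* as getpeercon() might report */
    char child[128];

    if (splice_mls(service, peer, child, sizeof child) == 0)
        printf("launch service as %s\n", child);
    else
        printf("refuse connection\n");
    return 0;
}
```

With a single-level peer label such as `s0`, the spliced context has that level as both its low and high end, so the new session's clearance cannot exceed the connection's label.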