[redhat-lspp] device allocation and mountable devices

Cory Olmo colmo at TrustedCS.com
Mon Apr 3 15:50:48 UTC 2006 

I was asked to post a problem facing device allocation and mountable devices
to the list so that people become aware of it.

A quick introduction to the dev_allocator.  The device allocator is made up
of two command line tools.  The first is an admin tool which allows devices
to be configured as user allocatable devices.  An admin is able to
configure a device such as the dsp device to be allocatable to a user
within a given SL range, such as unclassified to top secret.  The second
tool is the dev_allocator which allows users to request the allocation and
unallocation of configured devices.  The tool allows a normal user to
request the dsp device be allocated at secret and be able to use the device
at secret.  When the device is unallocated it is placed into a state with a
context inaccessible to users.

That basically sums up the role of dev_allocator and for devices that are
acted directly on, such as dsp, is fine.  The problem arises when dealing
with devices which are meant to be mounted such as the cdrom drive.  There
are a number of issues when allocating a mountable devices and the
subsequent mounting of the device.

First is that by allocating a device which is to be mounted the operation
will typically become a priviledged one because the mount point will
normally be at System Low while the device to be mounted has a sensitivity
label above System Low.  Thus the process performing the mount will either
need to be able to read above it's effective or write below it.

Second, is the need to provide some form of coupling between the sensitivity
label of the device and the mounted filesystem.  Currently, if the device is
at Secret, unless the filesystem is mounted with a context specified, it
will be mounted at what is stated in the policy.

Lastly, from an end user's stand point, it will be a common perception that
if they allocate a device that is generally only usable when mounted then
the device should be mounted.

That pretty much sums up the issues regarding device allocation and
mountable devices.  Any thoughts on ways of dealing with these issues.

-- 
Cory Olmo
Secure Systems Engineer

Trusted Computer Solutions
121 West Goose Alley
Urbana, IL 61801

www.TrustedCS.com

V: (217) 384-0028 ext. 13
F: (217) 384-0288

More information about the redhat-lspp mailing list