[redhat-lspp] device allocation and mountable devices
Debora Velarde
dvelarde at us.ibm.com
Thu Apr 6 22:27:44 UTC 2006
redhat-lspp-bounces at redhat.com wrote on 04/03/2006 08:50:48 AM:
> I was asked to post a problem facing device allocation and mountable
> devices to the list so that people become aware of it.
>
> A quick introduction to the dev_allocator. The device allocator is made
> up of two command line tools. The first is an admin tool which allows
> devices to be configured as user allocatable devices. An admin is able to
> configure a device such as the dsp device to be allocatable to a user
> within a given SL range, such as unclassified to top secret. The second
> tool is the dev_allocator which allows users to request the allocation
> and unallocation of configured devices. The tool allows a normal user to
> request the dsp device be allocated at secret and be able to use the
> device at secret. When the device is unallocated it is placed into a
> state with a context inaccessible to users.
>
> That basically sums up the role of dev_allocator and for devices that
> are acted directly on, such as dsp, is fine. The problem arises when
> dealing with devices which are meant to be mounted such as the cdrom
> drive. There are a number of issues when allocating a mountable device
> and the subsequent mounting of the device.
>
> First is that by allocating a device which is to be mounted the
> operation will typically become a privileged one because the mount point
> will normally be at System Low while the device to be mounted has a
> sensitivity label above System Low. Thus the process performing the
> mount will either need to be able to read above its effective or write
> below it.
>
> Second is the need to provide some form of coupling between the
> sensitivity label of the device and the mounted filesystem. Currently,
> if the device is at Secret, unless the filesystem is mounted with a
> context specified, it will be mounted at what is stated in the policy.
>
> Lastly, from an end user's standpoint, it will be a common perception
> that if they allocate a device that is generally only usable when
> mounted then the device should be mounted.
>
> That pretty much sums up the issues regarding device allocation and
> mountable devices. Any thoughts on ways of dealing with these issues?
>
> --
> Cory Olmo
If 'mount' is a privileged command, couldn't the mount occur when the
administrator adds the device with the 'dev_allocator_config' command?
The mount point could be defined for that device in the XML configuration
file. Then the user could gain access to that mount point when they run
'dev_allocator' to allocate the device. The 'dev_allocator' command could
inform the user of what the mount point is for that device.
-debbie