[redhat-lspp] device allocation and mountable devices

Debora Velarde dvelarde at us.ibm.com
Thu Apr 6 22:27:44 UTC 2006


redhat-lspp-bounces at redhat.com wrote on 04/03/2006 08:50:48 AM:

> I was asked to post a problem facing device allocation and mountable
> devices to the list so that people become aware of it.
> 
> A quick introduction to the dev_allocator.  The device allocator is made
> up of two command line tools.  The first is an admin tool which allows
> devices to be configured as user allocatable devices.  An admin is able to
> configure a device such as the dsp device to be allocatable to a user
> within a given SL range, such as unclassified to top secret.  The second
> tool is the dev_allocator which allows users to request the allocation
> and unallocation of configured devices.  The tool allows a normal user to
> request the dsp device be allocated at secret and be able to use the
> device at secret.  When the device is unallocated it is placed into a
> state with a context inaccessible to users.
> 
> That basically sums up the role of dev_allocator and for devices that
> are acted directly on, such as dsp, is fine.  The problem arises when
> dealing with devices which are meant to be mounted such as the cdrom
> drive.  There are a number of issues when allocating a mountable device
> and the subsequent mounting of the device.
> 
> First is that by allocating a device which is to be mounted the
> operation will typically become a privileged one because the mount point
> will normally be at System Low while the device to be mounted has a
> sensitivity label above System Low.  Thus the process performing the
> mount will either need to be able to read above its effective or write
> below it.
> 
> Second, is the need to provide some form of coupling between the
> sensitivity label of the device and the mounted filesystem.  Currently,
> if the device is at Secret, unless the filesystem is mounted with a
> context specified, it will be mounted at what is stated in the policy.
> 
> Lastly, from an end user's standpoint, it will be a common perception
> that if they allocate a device that is generally only usable when mounted
> then the device should be mounted.
> 
> That pretty much sums up the issues regarding device allocation and
> mountable devices.  Any thoughts on ways of dealing with these issues?
> 
> -- 
> Cory Olmo

If 'mount' is a privileged command, couldn't the mount occur when the
administrator adds the device with the 'dev_allocator_config' command?
The mount point could be defined for that device in the XML configuration
file.  Then the user could gain access to that mount point when they run
'dev_allocator' to allocate the device.  The 'dev_allocator' command could
inform the user of what the mount point is for that device.

-debbie








