[redhat-lspp] Re: What is the preferred way of setting a machines maximum sensi tivity?
Daniel J Walsh
dwalsh at redhat.com
Fri Jun 16 20:14:09 UTC 2006
Chad Hanson wrote:
> Well, I'm not sure of the exact functionality desired in this question.
> Usually there isn't a system setting for maximum login labels, but on a per
> user basis such as part of the SELinux policy.
>
>
Maybe this is a future requirement, but when we move to destributing the
seusers file, you
could have a user be SystemLow-SystemHigh but a machine maxed out at
TopSecret. We
need to handle this.
> For remote network logins, such as sshd, there is still some work that
> should be done to log the user in at the level of the network connection,
> instead of the default user label. This would enforce that the user couldn't
> operate at a level higher than the network.
>
> Is this close to what is being requested?
>
> -Chad
>
>
>> -----Original Message-----
>> From: Daniel J Walsh [mailto:dwalsh at redhat.com]
>> Sent: Friday, June 16, 2006 2:44 PM
>> To: redhat-lspp; Stephen Smalley; Chad Hanson
>> Subject: What is the preferered way of setting a machines maximum
>> sensitivity?
>>
>>
>> We need to be able to set the maximum login sensitivity on a
>> machine in
>> such a way that the login programs and
>> network aware applications enforce this. How do you go about
>> doing this?
>>
>> Dan
>>
>>
More information about the redhat-lspp
mailing list