[redhat-lspp] RE: [PATCH] MLS context contains policy/libselinux changes
Stephen Smalley
sds at tycho.nsa.gov
Wed Nov 8 14:00:19 UTC 2006
On Wed, 2006-11-08 at 08:31 -0500, Joshua Brindle wrote:
> > From: James Antill [mailto:jantill at redhat.com]
> >
> > On Wed, 2006-11-08 at 01:32 -0500, Joshua Brindle wrote:
> > > James Antill wrote:
> > > > Here is the policy changes needed for the context
> > contains security
> > > > checking in PAM and cron.
> > > >
> > >
> > > er, where did this come from? I haven't seen any discussions about
> > > this and have no idea what its about (perhaps I've just
> > totally missed
> > > it somehow though..)
> >
> > The gory details were under the thread "MLS enforcing PTYs,
> > sshd, and newrole"
> >
>
> Ah, well that explains it, that thread was way too long and had MLS in
> the subject.....
>
> Any way I could get a summary/conclusion and description of the new
> permission?
If we allow users to enter a level at login time (or specify a level for
a cron job), then we need to check that the Linux user was authorized
for that level (based on seusers). As this gets into level comparisons,
which are policy-specific, it requires a permission check to the
security server. The check is applied between a context generated from
the seusers entry for the user and the context modified with the
user-specified level. The TE policy then authorizes it for the self
relationship (since the types are the same in both contexts), and the
MLS constraints ensure that the user-specified level is within the
seusers-specified clearance. Same basic idea as the existing context
translate permission used to similarly check the ability of the user to
translate a given MLS level.
--
Stephen Smalley
National Security Agency
More information about the redhat-lspp
mailing list