Hi, I'm just thinking about a hypothetical instantiation of MSSF, and some questions occur:
1. I think most of the kernel should get the "_" label. But, my gut says the following should be off limits externally (i.e. to 3rd party apps) and should therefore get a different label: /root , /boot , /sys , /sbin. Possibly others? Is this reasonable thinking? Additionally, there may be other parts that only give up read access to external entities, as opposed to r+x? 2. What is the implication or rule for the "?" reserved label? 3. If a file or process or interface has no label is it denied all requests and also not accessible? 4. AppID and Resource Token are both a form of SMACK label. How does this translate to the rule "any access requested by a subject on an object with same label is permitted"? Can AppIDs and Tokens be both subjects and objects? Thanks, Vince
_______________________________________________ MeeGo-security-discussion mailing list [email protected] http://lists.meego.com/listinfo/meego-security-discussion
