Keeping in mind (R1a), I wonder if it makes more sense for (OTBND1a) to take the label of the process/domain which sends the data to the socket? After all, the process/domain is the "origin" of the data.

Right. This is what "ends up" happening in the non-privileged case. In the
privileged multi-level process case, the label of the data has in fact been
established at the socket creation time itself, and here we are trusting the
privileged multi-level process with sending data out on the right socket with
the knowledge that the data would be labeled with the label of the socket.

This seems to be particularly important in the case of fork()-then-exec() where you could have a socket created at a different context from the domain currently writing to it.

It would also help to remember that there are additional process-to-socket
controls (sendmsg, recvmsg) already in place in SELinux.
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

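The fork()-then-exec() case raised above, as an added example that is not part of the thread: a process creates an AF_UNIX socketpair, forks, and the child execs /bin/sh, which writes on the inherited descriptor. The sending socket was created before the exec, so on an SELinux host the label the reader obtains with getsockopt(SO_PEERSEC) is the label the socket was given at creation, whatever domain the exec'd program may have transitioned into. The SO_PEERSEC query is Linux-specific; on a kernel with no LSM exporting a label it fails with ENOPROTOOPT, which the example reports rather than treating as an error. The function names and the message text are this example's own choices.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fetch the peer socket's security label via SO_PEERSEC.
 * Returns 1 if a label was returned (buf is NUL-terminated), 0 if the
 * kernel has no LSM exposing one (ENOPROTOOPT), -1 on any other error. */
static int peer_label(int fd, char *buf, socklen_t len)
{
    socklen_t optlen = len;
    memset(buf, 0, len);
    if (getsockopt(fd, SOL_SOCKET, SO_PEERSEC, buf, &optlen) == 0) {
        buf[len - 1] = '\0';
        return 1;
    }
    return errno == ENOPROTOOPT ? 0 : -1;
}

/* Create the socketpair here, fork, exec /bin/sh in the child and have it
 * write on the inherited end. Reads the message into msg, queries the label
 * of the sending socket as seen from the reading end, and stores the
 * peer_label() result in *have_label. Returns 0 on success, -1 on failure.
 * (Hypothetical helper written for this example.) */
int inherited_socket_demo(char *msg, size_t msglen,
                          char *label, socklen_t labellen, int *have_label)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0) {
        close(sv[0]);
        close(sv[1]);
        return -1;
    }
    if (pid == 0) {
        /* Child: only sv[1] is kept; it has no CLOEXEC flag, so the
         * exec'd shell inherits it under the same descriptor number. */
        close(sv[0]);
        char cmd[64];
        snprintf(cmd, sizeof cmd, "printf 'written after exec' >&%d", sv[1]);
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);
    }

    /* Parent: read until the child closes its end (EOF). */
    close(sv[1]);
    size_t got = 0;
    for (;;) {
        ssize_t n = read(sv[0], msg + got, msglen - 1 - got);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0)
            break;
        got += (size_t)n;
        if (got >= msglen - 1)
            break;
    }
    msg[got] = '\0';

    /* The peer of sv[0] is sv[1]: created in this process, before exec. */
    *have_label = peer_label(sv[0], label, labellen);
    close(sv[0]);

    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    char msg[64], label[256];
    int have_label;
    if (inherited_socket_demo(msg, sizeof msg, label, sizeof label, &have_label) < 0) {
        perror("inherited_socket_demo");
        return 1;
    }
    printf("read from exec'd child: \"%s\"\n", msg);
    if (have_label == 1)
        printf("sending socket's label (fixed at creation): %s\n", label);
    else if (have_label == 0)
        printf("kernel exposes no socket label (SO_PEERSEC: ENOPROTOOPT)\n");
    else
        printf("SO_PEERSEC failed: %s\n", strerror(errno));
    return 0;
}
```

On an SELinux system with a policy that transitions the child into a different domain on exec, the label printed is still that of the domain that created the socketpair; that is the trust relationship the reply describes, with the sendmsg/recvmsg process-to-socket checks deciding whether the new domain may write to a socket it did not create.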