On Thu, Jun 29, 2006 at 10:16:36AM +0100, David Howells wrote:
> Klaus Weidner <[EMAIL PROTECTED]> wrote:
>
> > The testing would be for compliance with LSPP, in this case that the
> > syscalls properly implement mandatory access control and generate correct
> > audit records.
>
> And you think this testing _wouldn't_ be appropriate for the key management
> interface?

The kernel key management isn't widely used at the moment. Defining the evaluated configuration for Common Criteria testing generally involves some tradeoffs to keep the scope manageable, for example supporting only a single filesystem type. The key rings would require a large amount of documentation and testing which doesn't seem justified for the evaluation considering that it's a feature that the people currently using MLS systems don't expect to be present. This doesn't mean that the features not looked at are in any way bad or insecure, but you have to draw the line somewhere given how many things the Linux kernel can support.

> > Is there any clean way to disable them at runtime for non-admins, maybe a
> > SELinux constraint? It would save a lot of work for the evaluation...
>
> Well, you can compile them out of your kernel.

The evaluation needs to use the shipped RHEL kernel so that the results are applicable to people who use that, so recompiling is unfortunately not an option. That's why I was asking for a runtime method. They wouldn't need to be completely gone, just inaccessible to the non-administrative users.

-Klaus
