--- Klaus Weidner <[EMAIL PROTECTED]> wrote:
> Hello, > > currently the MLS policy supports multilevel objects > (using a range where > the upper level is not equal to the lower level), > for example > directories, sockets, and character devices. Unix MLS systems address these cases thus: Directories: To modify a directory (e.g. create a directory entry) you must be at the same MLS label as the directory (which has only one label) and the new object gets the label of the process. Trusted Solaris adds a mkupdir(2)* syscall that takes a label as a parameter and sets the label of the new directory to that passed, assuming a set of conditions are met. These conditions include that the new label dominate the process label, and that the user is cleared for it. Trusted Irix allows a user to relabel an existing directory, again under constraints, including that the user is cleared for the new label, it dominates the old label, and that the directory is empty. Sockets: Sockets get the label of the process, period. Privilege may be used to modify a variety of the aspects of incoming and outgoing packet access. The TSIX api proved quite handy. Devices: Since /dev/tty, ptys, null, zero, all demonstrate quirky behaviors they are treated independently. Trusted Irix takes advantage of it's label type scheme to address these, while Trusted Solaris pretty much hard codes each as a special case. The Orange Book talks about label ranges on file systems, not individual objects, and on devices in the context of the labels they may have, but only one at a time. I would be interested to see how they would be argued to satisfy the B&L sensitivity requirements. ----- * I think that's the name. It's been a while. Casey Schaufler [EMAIL PROTECTED] -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
