On Wed, 2006-11-08 at 08:31 -0500, Joshua Brindle wrote: > > From: James Antill [mailto:[EMAIL PROTECTED] > > > > On Wed, 2006-11-08 at 01:32 -0500, Joshua Brindle wrote: > > > James Antill wrote: > > > > Here is the policy changes needed for the context > > contains security > > > > checking in PAM and cron. > > > > > > > > > > er, where did this come from? I haven't seen any discussions about > > > this and have no idea what its about (perhaps I've just > > totally missed > > > it somehow though..) > > > > The gory details were under the thread "MLS enforcing PTYs, > > sshd, and newrole" > > > > Ah, well that explains it, that thread was way too long and had MLS in > the subject..... > > Any way I could get a summary/conclusion and description of the new > permission?
If we allow users to enter a level at login time (or specify a level for a cron job), then we need to check that the Linux user was authorized for that level (based on seusers). As this gets into level comparisons, which are policy-specific, it requires a permission check to the security server. The check is applied between a context generated from the seusers entry for the user and the context modified with the user-specified level. The TE policy then authorizes it for the self relationship (since the types are the same in both contexts), and the MLS constraints ensure that the user-specified level is within the seusers-specified clearance. Same basic idea as the existing context translate permission used to similarly check the ability of the user to translate a given MLS level. -- Stephen Smalley National Security Agency -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
