Hi, everyone:

I enabled Trusted Extensions in OpenSolaris and created a labeled zone "public", whose label is PUBLIC in the default label_encodings file. When I tried to connect to an external host (an unlabeled host, say, Windows) from the global zone, everything was OK. This is reasonable, because the global zone's label is ADMIN_LOW, and the external host uses the default admin_low template and is considered an unlabeled host with the def_label ADMIN_LOW.

However, I can't connect to that external host from the "public" zone, and truss showed that the connect syscall returned EHOSTUNREACH. I know that the "public" zone's label (PUBLIC) is different from that of the external host (ADMIN_LOW), but I had read the <Solaris Trusted Extensions Administrator's Procedures>, and in chapter 18 -- Trusted Networking, it says this check is performed on the sending process or sending zone:

  When the destination host is an unlabeled host, one of the following conditions must be satisfied:
  ■ The sending host's label must match the destination host's default label.
  ■ The sending host is privileged to perform cross-label communication, and the sender's label dominates the destination's default label.
  ■ The sending host is privileged to perform cross-label communication, and the sender's label is ADMIN_LOW. That is, the sender is sending from the global zone.

Let's focus on the second condition. According to it, if the sending host is privileged to perform cross-label communication, I should be able to connect to that external host from the public zone, because PUBLIC dominates ADMIN_LOW. But in my test I failed to do so. Then how to explain this? Is this because the "public" zone is not privileged to perform cross-label communication? And if so, how can I make it privileged?

By the way, if two hosts are both labeled zones and send packets with labels, how are the accreditation checks performed? My tests showed that two labeled zones can communicate with each other only when they have the exact same labels, and the "dominance relationships" seemed meaningless. Is this how it is designed?

Thanks
YC Wang

_______________________________________________
security-discuss mailing list
[email protected]
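An added illustration, not part of the original post and not the Trusted Extensions implementation: a small model of the three documented conditions for an unlabeled destination, with "dominates" implemented as the usual classification-plus-compartments comparison. The label names and numeric encodings below are constructed rather than taken from the default label_encodings file, and whether a zone actually holds the cross-label privilege is an input to the model, not something it determines.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Label:
    """A sensitivity label: a classification level plus a set of compartments."""
    name: str
    classification: int
    compartments: frozenset = frozenset()

    def dominates(self, other):
        # A dominates B when A's classification is at least B's and
        # A carries every compartment that B carries.
        return (self.classification >= other.classification
                and self.compartments >= other.compartments)


# Constructed encodings for illustration only (not the real label_encodings).
ADMIN_LOW = Label("ADMIN_LOW", 0)
PUBLIC = Label("PUBLIC", 1)
PROJECT_A = Label("CNF : PROJECT A", 2, frozenset({"A"}))
PROJECT_B = Label("CNF : PROJECT B", 2, frozenset({"B"}))


def check_unlabeled_destination(sender, sender_privileged, dest_default):
    """Apply the three quoted conditions for sending to an unlabeled host.

    sender           -- label of the sending zone/process
    sender_privileged -- whether it may perform cross-label communication
    dest_default     -- def_label from the destination host's template
    Returns (allowed, which_condition) so callers can see why a send passes.
    """
    if sender == dest_default:
        return True, 1  # labels match
    if sender_privileged and sender.dominates(dest_default):
        return True, 2  # privileged and sender dominates destination
    if sender_privileged and sender == ADMIN_LOW:
        return True, 3  # privileged and sending from the global zone
    return False, 0  # no condition satisfied


if __name__ == "__main__":
    # The two cases from the post: global zone vs. an unprivileged PUBLIC zone.
    print(check_unlabeled_destination(ADMIN_LOW, False, ADMIN_LOW))
    print(check_unlabeled_destination(PUBLIC, False, ADMIN_LOW))
    print(check_unlabeled_destination(PUBLIC, True, ADMIN_LOW))
```

Running the three calls shows that the global-zone case passes by label match alone, while the PUBLIC-zone case only passes once the sender is treated as privileged, which is the distinction the question turns on.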
