HEADS UP: PERFORCE change 8204 for review (fwd)

Robert Watson rwatson at FreeBSD.org
Tue Apr 2 03:06:43 GMT 2002


On Mon, 1 Apr 2002, Ilmar S. Habibulin wrote:

> On Mon, 1 Apr 2002, Stephen Smalley wrote:
> 
> > > For ex.: biba/level_1[comp_a,comp_b,comp_d](low-high)
> > In the SELinux MLS implementation, each level consists of a sensitivity
> > and an optional compartment set, and a range is a pair of levels, so
> > compartments are part of ranges.  The syntax of the text label
> > component for the MLS policy is as follows:
> >
> > level -> sensitivity ':' categoryset
> >          | sensitivity
> 
> Well, this simplifies implementation on the one hand. The label growth
> is on the other. And we can't use ':' delimiter, because it is standard
> for login.conf. 

My current thought on this is that login.conf will not be the long-term
home of this labeling information.  I know you have done work to
investigate a separate MAC database, and I think that's the way to go. 
I've asked Adam Migus, who recently joined the CBOSS Project at NAI Labs,
to spend some time investigating the prior art and parallel work regarding
application integration, and the handling of user/label relationships will
be part of that.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert at fledge.watson.org      NAI Labs, Safeport Network Services
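
Added example, not part of the original message and not code from TrustedBSD or SELinux: it shows the delimiter collision discussed in the thread, where a level written per the quoted grammar is stored in a ':'-separated login.conf-style record. The capability name "label", the record, and the values "s3" and "c1,c4" are constructed assumptions; the categoryset syntax is not given in the thread, so it is treated as an opaque string.

```python
# Added example with constructed data; not from the original thread.

def parse_level(text):
    """Parse a level per the grammar quoted in the thread:
         level -> sensitivity ':' categoryset | sensitivity
    The categoryset is kept opaque (its syntax is not given on the page)."""
    sensitivity, sep, categoryset = text.partition(":")
    if not sensitivity or (sep and not categoryset):
        raise ValueError(f"malformed level: {text!r}")
    return sensitivity, (categoryset if sep else None)


def split_capabilities(record):
    """Simplified termcap-style split as used by login.conf: the record
    name comes first, then ':'-separated capabilities. Escapes and
    continuation lines are deliberately not handled here."""
    name, *fields = record.split(":")
    caps = {}
    for field in fields:
        if not field:
            continue
        key, eq, value = field.partition("=")
        caps[key] = value if eq else True  # bare names are boolean capabilities
    return name, caps


# Constructed record: hypothetical "label" capability holding the level "s3:c1,c4".
RECORD = "staff:label=s3:c1,c4:tc=default:"


def demo():
    """Return what a reader of the record sees versus the intended level."""
    _, caps = split_capabilities(RECORD)
    stored = caps["label"]  # value after the field split
    return stored, parse_level(stored), parse_level("s3:c1,c4"), caps


if __name__ == "__main__":
    stored, seen, intended, caps = demo()
    print("stored label value:", stored)
    print("level as read     :", seen)
    print("level as intended :", intended)
    print("capabilities      :", caps)
```

The failure is silent: the truncated value is still a valid level under the grammar, so the compartments are dropped without a parse error and the category set appears as a stray boolean capability.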


