Posix P1003.1e/2c Implementation example source
Casey Schaufler
casey at sgi.com
Tue Feb 22 17:45:45 GMT 2000
"Ilmar S. Habibulin" wrote:
>
> On Mon, 21 Feb 2000, Casey Schaufler wrote:
>
> > That would be in src/mac/lib/mac_util.c
> Thanks. I'll take a look at this file.
>
> > sensitivity::
> > <msentype> ||
> > <level>[,<category>]... ||
> > <msentype>,<level>[,<category>]...
> >
> > integrity::
> > <minttype> ||
> > <grade>[,<division>]... ||
> > <minttype>,<grade>[,<division>]...
> O, i thought that categories are in brakets. Can we use this as an example
> for freebsd posix implementation?
More examples of Trix MAC label specifications:
dblow (an alias)
secret/select (types assumed to be msentcsec/mintbiba
in which case "secret" must be a level
and "select" must be a grade)
secret,sauce,topping,crust/select
(level secret, categories sauce, topping, crust)
msenhigh/mintlow
(ultimate high sensitivity, low integrity)
The code is GPL, so those rules must be followed to use the code.
The documents describe the implementation, so you should be able
to derive behavior if GPL is too restrictive.
> > Aliases are defined (in Trix 6.5.x) in /etc/mac. An example:
> > userlow:alias:msentcsec,unclassified/mintbiba,lowestgrade
--
Casey Schaufler Manager, Trust Technology, SGI
casey at sgi.com voice: (650) 933-1634
To Unsubscribe: send mail to majordomo at cyrus.watson.org
with "unsubscribe posix1e" in the body of the message
More information about the posix1e
mailing list