MAC and hierarchical directory structure

Casey Schaufler casey at sgi.com
Tue Mar 7 01:01:04 GMT 2000 

"James E. Pace" wrote:
> 
> On Sat, 4 Mar 2000, Ilmar S. Habibulin wrote:
> 
> > So this makes imposiible propper use of /tmp and other same
> > directories.
> 
> HP-UX TOS (and others) make /tmp a multilevel directory.  There is an
> instace of the directory at every MAC label.  That is, there is a
> syslo /tmp, a syshi /tmp, and an everything in between /tmp.
> 
> A process (transparently) uses the one that is appropriate to its level.

Moldy (a much more fun adjective than multilevel) directories have
been implemented in a number of ways. I'll give a describing each a
shot, but I may miss one. This is one of the few places where the
POSIX MAC group couldn't come to agreement, by the way.

Sun uses a hiding directory, with hidden subdirectories. Hiding
directories are a seperate file type, they are not really directories.
Subdirectories are created spontainiously on access, and redirection
is automatic. Redirection is avoided by using a magic prefix,
".No_Hid." on the hiding directory name. Thus, to see the real entires
in /tmp one would use "% ls /.No_Hid.tmp" instead of "%ls /tmp"

SGI uses an attribute in the MAC label on a real directory to indicate
that it's moldy. Subdirectories are created spontainiously on access,
and redirection is automatic. Redirection is avoided by putting the
same moldy attribute on the process MAC label, thus creating a moldy
process. The -m option of su gives you a shell with the moldy bit on.
Thus, to see the real entires in /tmp Janet would use
"su janet -m -c 'ls /tmp'"

System V/MLS did automatic redirection, but not spontainious
subdirectory creation. Subdirectories in MLDs had to be created
by the administrator. I think, but am not 100% sure, that there
was no way for a user to avoid the redirection.

Another solution uses variable symlinks. When a special bit of
information is encountered during symlink expansion it is replaced
with some process information. One way to do this would be to replace
any path component which begins with three dollar signs ("$$$") with
the coresponding environment variable. Examples:

	/termtype ->	/usr/lib/termcap/$$$TERM
	/var/tmp ->	/var/$$$MACLABEL/tmp
	
Variable symlinks are part of the UNICOS solution, but theirs are
different from what I described above.

Several people have suggested that one create a multilevel virtual
filesystem. Others suggest adding the MAC label to the directory
entry and only showing people directory entries they dominate. The
shortcomings of these solution are left as a exercise to the reader.

Finally, you could have a "wildcard" MAC label, and give that to
/tmp. You wouldn't pass an LSPP (B1) evaluation, but your users
might be happier.

-- 

Casey Schaufler				Manager, Trust Technology, SGI
casey at sgi.com				voice: (650) 933-1634
To Unsubscribe: send mail to majordomo at cyrus.watson.org
with "unsubscribe posix1e" in the body of the message

More information about the posix1e mailing list