PERFORCE change 20064 for review
Brian F. Feldman
green at freebsd.org
Thu Oct 24 19:44:24 GMT 2002
Robert Watson <rwatson at FreeBSD.org> wrote:
> Note that this is arguably incorrect for all policies but LOMAC, since
> "fail stop" is the desired behavior for Biba, MLS, SELinux, and others.
> This is why I changed the default for cow to off. We should look into a
> way to provide both what LOMAC and the other policies need, perhaps by
> having two entry points: one for the purpose of downgrading with COW, one
> without. In particular, pay attention to cases like:
>
> LOMAC wants to downgrade write to read-only
> Biba wants to remove write entirely
>
> The desired composition in this case is probably the Biba result.
Well, note that nothing at all was enforced previously, and only LOMAC is
capable of requesting downgrade at the moment, so this is effectively a
LOMAC option, but in the wrong place :) I think the simple solution would
be adding an int *dontCOW argument, and in policies which would like to
revoke without COW something like:
if (shouldrevoke(subj, obj)) {
*perms &= ~VM_OBJECT_READ;
if (I_should_not_COW)
++*dontCOW;
}
--
Brian Fundakowski Feldman \'[ FreeBSD ]''''''''''\
<> green at FreeBSD.org <> bfeldman at tislabs.com \ The Power to Serve! \
Opinions expressed are my own. \,,,,,,,,,,,,,,,,,,,,,,\
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list