PERFORCE change 5831 for review

Fri Jan 25 08:12:23 GMT 2002

I Cc: it to discuss.

On Thu, 24 Jan 2002, Robert Watson wrote:

> > > > Does this actually work?  The label retrieved from login.conf will include
> > > > label ranges, but the tty as an fs object only has _single elements.
> > > > Also, we need to find some way for TE to know what label to stick on the
> > > > tty, although I'm not sure what that is.  We should probably investigate
> > > > how SELinux handles it -- probably a userland policy file or something.
> > > I think that label setting separation would solve problem some how. MLS
> > > and Biba are clear models, but TE needs different approach, so it's better
> > > to separate it from the others. I we have a ability to set labels for each
> > > policy independently, then maybe ttys TE label can be set-and-forget at
> > > startup or system installation.
> >
> > How about simply splitting the labels in login.conf into one for ttys
> > and one for processes?  I'll implement that now in lieu of something
> > more complex; we can see if it's really any inconvenience.
>
> I think this is a reasonable stop gap measure until we figure out the
> Right Solution.  I tend to agree with Ilmar that we will want to be able
> to have application set only the components of an overall label that they
> understand, rather than always having to set all of the label.  I did some
> initial prototyping of such an arrangement, but it requires a substantial
> expansion of the generality of the MAC interfaces that I'm not sure we're
> quite ready for yet.  Until the framework is more complete, I think we
> should continue to run with the current system call API, as we come to
> understand more of the requirements.
IMHO, just have to add some checks to relabel code. If app specifies
partially undefined label, then set just defined parts.
Also you need to change mac_text code to handle partly specified labels.
I can handle it, if you want.

> > > And one more thing - init(8) should set labels to default states.
> >
> > I don't think so.  The boot process should result with all labels set to
> > a reasonable default state, and getty can reset them after login has
> > changed them.
>
> There may be ordering issues in the boot process that we need to address
> here, also.
My init relabels tty device nodes in del_session(), i thought it was
cleanup function after user logout.

> For now, since TE is not completely specified, assign seperate labels
> based on login.conf, and just set the TE object label component to tty_t
> or something related.  As long as TE is disabled, we can continue to
> explore the impact of the other policies on object labeling decisions.
And what does guys upstairs saying about their TE implementation?

To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message