On Friday 23 December 2005 19:23, Arjan van de Ven <arjan(a)fenrus.demon.nl>
given that even RHEL4 can't get compatibility code.. why go
pain in the first place? Is MLS a compelling enough feature for fedora
to go through this pain? Is it even used for something or by someone in
the first place?
Firstly the vast majority of Fedora and RHEL users will never use MLS. What
they will use is MCS which is based on some of the features of MLS (it's not
a sub-set of MLS though).
MCS provides some compelling benefits in terms of managing secret data.
It allows the administrator to create a set of named "categories" for
labelling data. Each user login will have a set of categories (which may be
empty) assigned to it from the 256 available categories (we produce binary
policies that support 256 categories, the administrator can change this but
it's unlikely that they would need to).
Every file on disk will have a set of categories (which may be empty). To
access a file when running the MCS policy the process must have a set of
categories that's a superset of the categories assigned to the file.
This provides several features that are not available in any other way. One
is that a file can have multiple categories that are all required by every
process that may access it. Traditionally this is implemented by
supplemental groups and having the file in question and the directory
containing it owned by different groups such that one group is required for
directory access and another for file access.
Another feature that we are still working on is the exact method of
determining how categories are granted to processes. I'm working on a patch
that makes categories mandatory and permits a process to launch a child
process with a subset of it's categories. This permits a process to launch a
child with less access than it has (something that a non-root process can't
do with traditional Linux access control).
My NSA Security Enhanced Linux packages
Bonnie++ hard drive benchmark
Postal SMTP/POP benchmark
My home page