SELinux and the Desktop

Stephen Smalley sds at epoch.ncsc.mil
Wed Oct 13 17:59:02 UTC 2004


On Wed, 2004-10-13 at 11:20, Steve Coleman wrote:
> This does bring to mind a burning question I have always had regarding 
> some applications such as Java where the binary itself is too open ended 
> and where as the compiled class files, script file, or data dictate what 
> the runtime will do. I assume that many desktop environments (take your 
> pick) will have some form of builtin scripting support. How does SELinux 
> deal with these VM's? Is there any good docs online that discuss the 
> problems and current solutions that these present? Do they get their 
> security context from the script or data streams?

From the program/script.  Transitions can occur on scripts (if they are
exec'd), but the caller domain needs to be trusted with respect to the
new domain (e.g. shedding permissions) in that case due to the lack of
safety in script execution.

Note that SELinux provides the necessary API to support userland policy
enforcers, so a userspace VMM can be modified to use that API to obtain
policy decisions to be applied to its internal abstractions which are
not directly visible to the OS itself.  dbus and X (but unfortunately
not the X in Fedora yet) have been modified to use that API to enforce
policy over their abstractions.  This allows for layered security, with
the OS providing process-level confinement and the higher level object
managers refining that control.
 
-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
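
The script transition described in the reply, written out as a minimal policy module. This is an added illustration, not code from the original mail or from the SELinux project; the type names helper_script_t and helper_script_exec_t are hypothetical, while user_t, shell_exec_t and the domain, exec_type and file_type attributes are the standard reference-policy names. It also shows the consequence of the "caller must be trusted" point: the domain entered through a script gets no permissions the caller lacks, and the interpreter itself must be executable in the new domain because no second transition is computed for it.

```selinux
# Added example (not from the original mail): domain transition on exec() of a
# labelled shell script.  Hypothetical types: helper_script_t, helper_script_exec_t.
policy_module(helper_script, 1.0)

require {
    type user_t;          # the calling (untrusted) domain
    type shell_exec_t;    # type of /bin/sh, /bin/bash in reference policy
    attribute domain;
    attribute exec_type;
    attribute file_type;
}

# The script file gets its own type so the kernel can treat it as an entry point;
# the domain is what the script runs in after exec().
type helper_script_exec_t, exec_type, file_type;
type helper_script_t, domain;

# 1. The caller may execute the script file ...
allow user_t helper_script_exec_t:file { getattr open read execute };
# 2. ... and may transition to the new domain ...
allow user_t helper_script_t:process transition;
# 3. ... which may only be entered through that file.
allow helper_script_t helper_script_exec_t:file entrypoint;
# 4. Make the transition happen automatically on exec().
type_transition user_t helper_script_exec_t:process helper_script_t;

# The "#!" interpreter runs in the NEW domain with no further transition, so
# it must be readable and executable there ("map" only exists on newer kernels).
allow helper_script_t shell_exec_t:file { getattr open read execute map };
allow helper_script_t helper_script_exec_t:file { getattr open read };

# Deliberately NOT granted: process { siginh rlimitinh noatsecure } from user_t.
# Without noatsecure the kernel sets AT_SECURE for the new process, so glibc
# ignores LD_PRELOAD and similar, but an interpreter still honours its own
# environment (bash reads BASH_ENV) and the caller also controls argv and
# inherited descriptors.  A domain reachable from user_t through a script must
# therefore hold no privilege user_t does not already have; any extra allow
# rules for helper_script_t would be reachable by anything that can run user_t.
```

The matching file-contexts entry would label the script itself, e.g. `/usr/local/bin/helper\.sh -- gen_context(system_u:object_r:helper_script_exec_t,s0)` (hypothetical path), after which `ls -Z` on the script and `ps -Z` on a running instance show the two types; if `ps -Z` still shows user_t, check the audit log for a denied `process transition` or `file entrypoint`, which are the two permissions an exec()-time transition fails on most often.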




More information about the selinux mailing list