MCS -- some comments for discussion
Gene Czarcinski
gene at czarc.net
Sun Nov 6 20:00:27 UTC 2005
I have started (really just started) to try using the MCS capabilities
available in FC5 development. As I go through this, some thought occur to
me:
1. MCS is intended (as I understand it) to simplify some of the capabilities
of the MLS functionality which is now in (or being developed) in FC5. This
simplification is intended to make the functionality more acceptable/useable
by a wider set of users. This is goodness! This should make an actual MLS
system (which stays current) much more possible.
2. As I see it, MCS is "simply" another type of ACL but one which (to me) is
a better design (more useable) than the existing ACL capability. However,
whereas I can categorize (protect) both files and directories with ACL, I can
currently only categorize (protect) files (not directories) with MCS. I
consider this to be a problem/deficiency.
Consider that when I create new application files (e.g, with openoffice.org),
they will not have a category assigned by default. This could leave a
sensitive file available for others to access. With directory protection,
this could be mitigated.
3. Roles ... right now I don;t see much use of roles in MCS. Now this might
be an RFE which will be done later (after stuff basically works), but I see
that one way of using MCS would require a user to be able to switch to
different roles ("newrole") in order to access files and directories with
different categories.
The "requirement" is to be able to switch roles and have "all" programs that
invoke from that point on run with the new role ... including programs I run
from the menu.
Right now, the easiest way I see of having different roles is to have
different userids and requiring a user to logout/login with the new userid to
switch roles. This is for gdm login (gdm could be modified to permit
specification of the role). If I use runlevel 3, then I could terminate X,
switch roles with "newrole,", and then startx to run in the new role.
OK, these are some of my initial reactions ... comments (good, bad,
indifferent) solicited.
Gene
More information about the selinux
mailing list