MCS -- some comments for discussion

Gene Czarcinski gene at czarc.net
Sun Nov 6 20:00:27 UTC 2005


I have started (really just started) to try using the MCS capabilities 
available in FC5 development.  As I go through this, some thoughts occur to 
me:

1.  MCS is intended (as I understand it) to simplify some of the capabilities 
of the MLS functionality which is now in (or being developed in) FC5.  This 
simplification is intended to make the functionality more acceptable/useable 
by a wider set of users.  This is goodness!  This should make an actual MLS 
system (which stays current) much more possible.

2.  As I see it, MCS is "simply" another type of ACL but one which (to me) is 
a better design (more useable) than the existing ACL capability.  However, 
whereas I can categorize (protect) both files and directories with ACL, I can 
currently only categorize (protect) files (not directories) with MCS.  I 
consider this to be a problem/deficiency.

Consider that when I create new application files (e.g., with openoffice.org), 
they will not have a category assigned by default.  This could leave a 
sensitive file available for others to access.  With directory protection, 
this could be mitigated.

3.  Roles ... right now I don't see much use of roles in MCS.  Now this might 
be an RFE which will be done later (after stuff basically works), but I see 
that one way of using MCS would require a user to be able to switch to 
different roles ("newrole") in order to access files and directories with 
different categories.

The "requirement" is to be able to switch roles and have "all" programs that 
invoke from that point on run with the new role ... including programs I run 
from the menu.

Right now, the easiest way I see of having different roles is to have 
different userids and requiring a user to logout/login with the new userid to 
switch roles.  This is for gdm login (gdm could be modified to permit 
specification of the role).  If I use runlevel 3, then I could terminate X, 
switch roles with "newrole", and then startx to run in the new role.

OK, these are some of my initial reactions ... comments (good, bad, 
indifferent) solicited.

Gene
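
The gap raised in point 2 (newly created files carry no category by default) can be checked for after the fact. The following is an added example, not part of the original post: it parses "context path" lines such as `ls -Z` prints and reports files in a directory that lack a category or lack the one the directory is supposed to carry. The sample listing, the paths and the function names are constructed for illustration, and the context layout `user:role:type:level` is assumed.

```python
import re

# Constructed sample listing: one "context path" pair per line.
SAMPLE = """\
user_u:object_r:user_home_t:s0:c3 /home/gene/secret/plan.odt
user_u:object_r:user_home_t:s0 /home/gene/secret/new-draft.odt
user_u:object_r:user_home_t:s0:c2.c4,c7 /home/gene/secret/budget.ods
user_u:object_r:user_home_t:s0:c5 /home/gene/secret/misfiled.odt
"""

def parse_categories(level):
    """Return the category numbers in a level such as 's0:c2.c4,c7'."""
    low = level.split("-", 1)[0]      # for a low-high range, use the low end
    _, _, cats = low.partition(":")   # text after the sensitivity (s0)
    result = set()
    for item in filter(None, cats.split(",")):
        m = re.fullmatch(r"c(\d+)(?:\.c(\d+))?", item)
        if not m:
            raise ValueError("unrecognized category item: %r" % item)
        start = int(m.group(1))
        end = int(m.group(2) or start)  # 'c2.c4' means c2 through c4
        result.update(range(start, end + 1))
    return result

def audit(listing, required):
    """List (path, reason) for files without the required categories."""
    findings = []
    for line in listing.splitlines():
        if not line.strip():
            continue
        context, path = line.split(None, 1)
        _user, _role, _type, level = context.split(":", 3)
        cats = parse_categories(level)
        if not cats:
            findings.append((path, "no category"))
        elif not required <= cats:
            findings.append((path, "lacks required category"))
    return findings

if __name__ == "__main__":
    for path, reason in audit(SAMPLE, {3}):
        print("%s: %s" % (path, reason))
```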



