AW: Re: ext3 Filesystem in FC5-Test incompatible with other FC or RHEL versions

Russell Coker russell at coker.com.au
Sun Jan 22 21:50:27 UTC 2006


On Friday 23 December 2005 19:23, Arjan van de Ven <arjan at fenrus.demon.nl> 
wrote:
> given that even RHEL4 can't get compatibility code.. why go through this
> pain in the first place? Is MLS a compelling enough feature for fedora
> to go through this pain? Is it even used for something or by someone in
> the first place?

Firstly the vast majority of Fedora and RHEL users will never use MLS.  What 
they will use is MCS which is based on some of the features of MLS (it's not 
a sub-set of MLS though).

MCS provides some compelling benefits in terms of managing secret data.

It allows the administrator to create a set of named "categories" for 
labelling data.  Each user login will have a set of categories (which may be 
empty) assigned to it from the 256 available categories (we produce binary 
policies that support 256 categories, the administrator can change this but 
it's unlikely that they would need to).

Every file on disk will have a set of categories (which may be empty).  To 
access a file when running the MCS policy the process must have a set of 
categories that's a superset of the categories assigned to the file.

This provides several features that are not available in any other way.  One 
is that a file can have multiple categories that are all required by every 
process that may access it.  Traditionally this is implemented by 
supplemental groups and having the file in question and the directory 
containing it owned by different groups such that one group is required for 
directory access and another for file access.

Another feature that we are still working on is the exact method of 
determining how categories are granted to processes.  I'm working on a patch 
that makes categories mandatory and permits a process to launch a child 
process with a subset of its categories.  This permits a process to launch a 
child with less access than it has (something that a non-root process can't 
do with traditional Linux access control).

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
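
The access rule described in the message above, as an added example that is not part of the original post and is not SELinux code: a process may access a file only if its category set is a superset of the file's, and under the proposed patch a child may be launched with any subset of the parent's categories. The function names, the `c3,c5.c7` list notation and the sample labels are assumptions made for illustration.

```python
NUM_CATEGORIES = 256  # the post's figure: categories c0 .. c255


def _index(name):
    """Turn 'c17' into 17, rejecting anything outside the 256 categories."""
    if not (name.startswith("c") and name[1:].isascii() and name[1:].isdigit()):
        raise ValueError(f"bad category name: {name!r}")
    n = int(name[1:])
    if n >= NUM_CATEGORIES:
        raise ValueError(f"category out of range: {name!r}")
    return n


def parse_categories(spec):
    """Parse a list such as 'c1,c5.c7' ('cA.cB' is an inclusive range).

    An empty string is the empty category set.
    """
    cats = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, sep, hi = part.partition(".")
        first, last = _index(lo), _index(hi if sep else lo)
        if first > last:
            raise ValueError(f"reversed range: {part!r}")
        cats.update(range(first, last + 1))
    return frozenset(cats)


def may_access(process_cats, file_cats):
    """MCS rule from the post: the process set must be a superset of the file's."""
    return process_cats >= file_cats


def may_launch_child(parent_cats, child_cats):
    """Model of the proposed behaviour: a child gets a subset of the parent's set."""
    return child_cats <= parent_cats


if __name__ == "__main__":
    # Constructed sample labels, for illustration only.
    login = parse_categories("c3,c7")
    for label in ("", "c3", "c3,c7", "c3,c9"):
        print(f"file [{label}]: access={may_access(login, parse_categories(label))}")
    child = parse_categories("c3")
    print("child allowed:", may_launch_child(login, child))
    print("child reads [c3,c7]:", may_access(child, parse_categories("c3,c7")))
```

A file with an empty category set is accessible to every process, while a file labelled with two categories is accessible only to processes holding both, which is the case the post contrasts with the supplemental-groups workaround.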



