On Sat, Oct 16, 2004 at 09:56:41AM -0400, Alex Ackerman wrote:
> capabilities of SELinux; i.e., making sure that SELinux functions as
> advertised when dealing with events of escalating privilege.

just a comment [other than privilege means private law]: as i understand it, there is no "escalation" present in SE/Linux, only that assigned in the minds of us humans.

a good analogy for the way that SE/Linux works is door-cards and guards.

outside a building, you are given a door-card by a guard: depending on whether you are on a list, your door-card will now give you access a) to an entry point into the building b) the right to go through certain doors inside that building.

at _some_ doors inside the building, there will be another guard. if you attempt to go through a door (assuming your card allows you to do that), the guard will, depending on whether you are on a list, TAKE AWAY your present card and GIVE YOU A TOTALLY DIFFERENT ONE.

that card might, or might not, give you the right to go back through the door you have just gone through (!).

so, you can enter the university building, use your card to get into the lecture theatre, but your card is taken away from you when you enter the lecture theatre, and the card you are given only allows you to go to the toilet or to the exit out the building.

in this "world", there is no "escalation" as such. certain rooms are only allowed to be accessed by certain people who have certain cards: you can only get to a certain place via a specific route if you are the right person.

that's a bit different from "escalating privilege" because that implies hierarchy, which SE/Linux doesn't have, per-se.

l.

p.s. if this analogy sounds a bit weird, to help you tie it into selinux, the guards swapping cards at doors is managed by "domain_auto_trans".
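The door-card analogy above, rendered as an SELinux type-enforcement policy fragment. This is an added illustration, not code from the message or its author: the type names `user_t`, `lecture_t`, `lecture_exec_t`, `toilet_t` and `exit_t` are assumed for the example, and the summary of what `domain_auto_trans` expands to is given from memory of the 2004-era example policy, so treat it as an outline rather than the exact macro text.

```selinux
# Added illustration (not from the original message): the "guard swapping
# cards at a door" written in the raw SELinux type-enforcement language.
# All type names below are assumed for this example.
#
#   user_t           the card a person holds before reaching the lecture theatre
#   lecture_exec_t   the door: the program file whose exec triggers the swap
#   lecture_t        the card handed over once inside
#   toilet_t, exit_t the only places the new card opens

type user_t, domain;
type lecture_t, domain;
type lecture_exec_t, file_type, exec_type;
type toilet_t, file_type;
type exit_t, file_type;

# -- the guard's checks: each is a separate access-vector decision --

# 1. the holder of user_t may execute the door program at all
allow user_t lecture_exec_t:file { getattr read execute };

# 2. the new domain accepts that file as a legitimate entry point, so
#    lecture_t cannot be reached by exec'ing some other binary
allow lecture_t lecture_exec_t:file entrypoint;

# 3. user_t is on the list of domains allowed to become lecture_t
allow user_t lecture_t:process transition;

# -- the card swap itself: make the change of domain automatic on exec --
type_transition user_t lecture_exec_t:process lecture_t;

# The example policy of that era bundles rules 1-3 and the type_transition
# into one macro call (expansion described from memory, assumed here):
#   domain_auto_trans(user_t, lecture_exec_t, lecture_t)

# -- what the new card opens: only the toilet and the exit --
allow lecture_t toilet_t:file { read write };
allow lecture_t exit_t:file { read };

# Deliberately absent: any rule of the form
#   allow lecture_t user_t:process transition;
# so the holder of lecture_t cannot go back through the door it came in by.
# There is no hierarchy between user_t and lecture_t; lecture_t is simply a
# different, smaller set of doors, which is why nothing here "escalates".
```

All three allow rules must be present for the exec to succeed; if any one is missing, the kernel denies the transition and logs an AVC message naming the source type, target type, object class and permission that failed, which is the first thing to check when a "card swap" does not happen as expected.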