I've been working through the new MLS implementation (a nice improvement by the way). I see how the old method of mapping permissions to read or write is changed and instead these ideas are implemented in the constraints definitions. I like that too since a policy writer can tweak their notion of reads and writes (which given the volume of covert channels that will be present, will allow one to change how strict they want to be). My question is: although the mapping is not explicit, it is still there. In the current sample policy, has someone captured the justification for which permissions are restricted and which are not? Which are being treated as reads, writes, both or neither? Ultimately for any certifiable security policy we'll need to justify this mapping. I specially ask both to see if the model we have built into apol's permmap is consistent with the MLS mappings, as well as for the reference policy work we're doing that Karl mentioned earlier. Thanks Frank -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
