RE: No Read Up No Write Down

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,
 
The MLS policy is defined via the MLS contraints file (http://oss.tresys.com/projects/refpolicy/browser/trunk/policy/mls).  The default MLS policy in SELinux a modified Bell-LaPadula that enforces "no read up, write equal".
 
The process clearance label isn't going to really come up into play for these access decisions, the effective SL of process is the key factor being utilized, as known as "l1" in the mls constraint language. 
 
The type of the process of the process is very important when analyzing the results. There are certain types, such as sysadm_t, which have mls privileges, such as mlsfileread (http://oss.tresys.com/projects/refpolicy/browser/trunk/policy/modules/system/userdomain.if#L1214).
 
All of this impacts the ability to read and write files on the system.
 
A couple fo slidesets on the MLS implementation are available below....
http://selinux-symposium.org/2005/presentations/session3/3-3-hanson.pdf
http://selinux-symposium.org/2006/slides/08-mls.pdf
 
-Chad 


From: fedora-selinux-list-bounces@xxxxxxxxxx [mailto:fedora-selinux-list-bounces@xxxxxxxxxx] On Behalf Of Mohammad zoroufi
Sent: Thursday, April 23, 2009 6:45 AM
To: fedora-selinux-list@xxxxxxxxxx
Subject: No Read Up No Write Down

Dear All,
After switching on SELinux in MLS enforcing mode, I'd like to know how the slogan of "no read up, no write

down" works.
I created some text files with the following descriptions
TestFile_S0        system_u:object_r:usr_t:s0
TestFile_S0C2   system_u:object_r:usr_t:s0:c2
TestFile_S1        system_u:object_r:usr_t:s1
TestFile_S2        system_u:object_r:usr_t:s2
TestFile_S2C11  system_u:object_r:usr_t:s2:c11
TestFile_S2C5    system_u:object_r:usr_t:s2:c5
TestFile_S3         system_u:object_r:usr_t:s3
TestFile_S3C14   system_u:object_r:usr_t:s3:c14
TestFile_S3C5     system_u:object_r:usr_t:s3:c5
After creating these text file, I went to create users having different security clearance;
The clearance of each created user is listed bellow:

Login Name    SELinux User        Role            MLS/MCS Range
first                    x_first                xguest_r                s0
second               x_second           sysadm_r       s3-s3:c5.c15
third                   x_third               sysadm_r       s1:c3.c15-s3:c5.c10
forth                   x_forth               system_r           s1-s1:c0.c10
root                    root                   system_r        s0-s15:c0.c1023

having the clearance delegated for each user I expect user first have read write access to TestFile_S0 and just
write access to all other files; user second have read access to files such as TestFile_S0, TestFile_S0C2,
TestFile_S2, TestFile_S2C5, TestFile_S2C11 and only write access to TestFile_S3, TestFile_S3C14.
when I switch to MLS enforcing mode I see something else.
These users have no permission to write to files they expect they have write access to.
I'd like to know the where this problem originates
Moreover when user first wants to take a list of the directory contents only TestFile_S0, TestFile_S1,
TestFile_S2 are listed not else; user second sees TestFile_S0, TestFile_S1, TestFile2, TestFile3; users
third and root sees all files; user forth sees just TestFile_S0 not more.
I don't know why such lists are taken when I'd like to take a list.
Any comment is wellcome

Best Regards
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux