Eamon Walsh wrote:
Glenn Faden wrote:
This is my first posting to this alias, so let me start by
introducing myself. I'm a Distinguished Engineer in the Solaris
security organization, and I'm the original architect for Sun's
multilevel X11 server. I have worked on this problem since 1990, and
have designed three multilevel desktops (Open Look, CDE, and GNOME)
One of the biggest challenges in adding fine-grained policy to the
X11 server is to make the policy transparent to existing X11 clients.
Probably the most critical design decision we made was with respect
to root window resources. By default, all root window properties are
polyinstantiated by both label and uid. For SELinux, the equivalent
policy would be polyinstantiation by security context (not just MLS
label). An exception list of single-instance root-window properties
is enumerated in a policy file.
We have found that the list of exceptions is much smaller than the
list that should be polyinstantiated.
Hello. I am not opposed to the idea of polyinstantiated properties.
Although our approach has always been to attempt to fix applications
to work within the secure environment first, it looks like this is a
case where polyinstantiated is needed.
"Fixing" applications to work in a secure environment implies that they
are currently broken. It seems that the policy is broken if it prevents
commonly used applications from working. Isn't the purpose of policy
development to improve the safety of existing applications?
Our long-term goal is to make applications aware of and responsive to
the security environment, particularly applications that could
themselves be multi-level such as e-mail, web, office.
Certainly the environment should support multilevel applications, but I
these are exceptions. Virtually all applications should work without
modification at a single level.
--Glenn
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
