On Aug 29, 2008, at 8:13 AM, Stephen Smalley wrote:
On Thu, 2008-08-28 at 21:22 -0700, Casey Schaufler wrote:
Trent Jaeger wrote:
...
However it sounded like you could just use setsockcreatecon(3) to achieve your goal, which would be cleaner than relabeling an existing socket.
Yes, that works for what we are doing now. I'd be curious if someone has a need beyond setting a label on creation.
Sure, any service that wants to serve clients with a variety of labels. The X server is an obvious candidate. A multi-label message bus. Label aware sendmail. xinetd. Name services (the YP/NIS of the day). Anywhere you want the label of the response to depend on the label of the request. Yes, we're talking about Trusted Applications here, and specially coded ones at that. Sometimes that's the best way.
The application doesn't have to relabel the socket to achieve that - we handle that when we compute the label for the new connection socket based in part on the label of the connecting request.
Yes, we prototyped this for xinetd (see SecureComm 2006 paper), and did not relabel the socket, but used the label of SA for the request.
Regards, Trent.
----------------------------------------------
Trent Jaeger, Associate Professor
Pennsylvania State University, CSE Dept
346A IST Bldg, University Park, PA 16802
Ph: (814) 865-1042, Fax: (814) 865-3176