Andy Warner wrote:
>
> Joshua Brindle wrote:
>> SELinux doesn't have a built in mechanism,
>
> By built in mechanism I meant exactly what you describe below. Maybe it
> wasn't the best choice of words. The SELinux policy (the MLS policy)
> provides a mechanism for the policy writer to assign the ability to
> violate B&L information flow. Thus, it would be redundant for the
> db_database object to have a permission for something like "read-up",
> etc. If I were to compare that with the Trusted Solaris type policy
> mechanism, there was no such mechanism. Our DB would have to perform the
> dominance check for an operation, then decide ourselves if the user had
> sufficient authorizations to violate B&L. With the current SELinux MLS
> policy, all of that is done with one access check. The MAC override type
> privilege you would see in TSol 8, etc. would allow a process to perform
> some operation while ignoring the MAC policy. This does not help our DB
> make a policy decision on a subject as they access a DBMS object.

This is absolutely correct: we want to use policy to specify MLS exceptions rather than having the policy spread through several object managers. This makes it possible to do an analysis on the policy and actually see the information flow through all object managers.
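As an added illustration (not policy text from this thread or from any shipped policy), this is the shape of MLS constraint the reply is describing, in SELinux policy language: the Bell-LaPadula dominance test and the policy-assigned exception are evaluated together in a single `mlsconstrain` rule on the `db_database` class, so the DBMS asks the security server one question and never implements the override logic itself. The attribute names and the `trusted_dba_t` domain are assumptions for illustration.

```selinux
# Added example, not from the thread. In mlsconstrain expressions l1/h1 are the
# subject's current level and clearance, l2 the object's level, t1/t2 the types.
# Attribute and domain names below are assumed for illustration.
attribute mlsdbread;        # may read db objects regardless of level
attribute mlsdbreadtoclr;   # may read up, but only up to its clearance (h1)
attribute mlsdbwrite;       # may write to a level other than its own

# Read-like permissions: "no read up" (l1 must dominate l2) unless the policy
# writer granted an exception by attribute. One access check covers all cases.
mlsconstrain db_database { getattr access }
	(( l1 dom l2 ) or
	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsdbread ));

# Write-like permissions: "no write down" (here: same level) unless excepted.
mlsconstrain db_database { setattr }
	(( l1 eq l2 ) or
	 ( t1 == mlsdbwrite ));

# The exception is granted in policy, not in the object manager, so tools that
# analyse the policy can see exactly which domains may cross MLS boundaries.
typeattribute trusted_dba_t mlsdbread;
```

The fragment belongs in the MLS section of a monolithic policy alongside the other `mlsconstrain` rules; compare it with the per-operation authorization checks the thread says a Trusted Solaris style DBMS would have to implement itself.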