Stephen Smalley wrote:

> The kernel MLS logic lives in security/selinux/ss/mls.c. Determining
> the MLS level of a new subject or object is handled by
> mls_compute_sid(). Any change would have to support either model
> (inherit from source context or inherit from target context), so
> logically it would be policy-driven. Which likely means an extension to
> the policy language and compiler. Not an entirely trivial undertaking.

I have looked at the source code and it seems that in the said function mls_compute_sid(), under the "case AVTAB_CHANGE:" and in the "else" path (tclass != SECCLASS_PROCESS), the statement mls_context_cpy_low(newcontext, scontext) would need to be changed to mls_context_cpy(newcontext, tcontext).

To support the original behavior, I would add a 1/0 readable/writable file to selinuxfs, say "mls_defcontext_inherit", by mimicking the behavior of the "enforce" file and its associated r/w functions.

It seems to me that this would suffice and it would avoid the need to modify the policy language. Would this change be acceptable?

Michal Svoboda
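To make the two inheritance models concrete, here is an added user-space model of the AVTAB_CHANGE branch of mls_compute_sid() with the proposed toggle. It is example code written for this page, not the kernel's security/selinux/ss/mls.c; the struct layouts, the mls_defcontext_inherit variable, the mls_defcontext_inherit_write()/_read() helpers (modelled on the "enforce" file's sscanf-style handling) and the sample contexts are all assumptions. It shows what the current statement mls_context_cpy_low(newcontext, scontext) produces (a single-level range at the source's low level) versus the proposed mls_context_cpy(newcontext, tcontext) (the target's full range):

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of the kernel MLS structures (assumption, not the real
 * security/selinux/ss/context.h definitions). */
struct mls_level {
	unsigned int sens;  /* sensitivity: s0, s1, ... */
	uint32_t cats;      /* category bitmap: bit i set means c(i) */
};

struct mls_range {
	struct mls_level low;
	struct mls_level high;
};

struct context {
	struct mls_range range;
};

enum { SECCLASS_PROCESS = 1, SECCLASS_FILE = 2 };
enum { AVTAB_CHANGE = 1 };

/* Hypothetical selinuxfs knob from the proposal, modelled on "enforce":
 * 1 = current behaviour (low level of source), 0 = full range of target. */
static int mls_defcontext_inherit = 1;

/* Copy the whole MLS range of src into dst. */
static void mls_context_cpy(struct context *dst, const struct context *src)
{
	dst->range = src->range;
}

/* Copy only the low level of src into dst, giving a single-level range. */
static void mls_context_cpy_low(struct context *dst, const struct context *src)
{
	dst->range.low = src->range.low;
	dst->range.high = src->range.low;
}

/* Write handler for the hypothetical file: accepts "0\n" / "1\n" like
 * the enforce file's sscanf("%d") parsing. Returns 0 on success, -1 on
 * a malformed write. */
int mls_defcontext_inherit_write(const char *buf)
{
	int new_value;

	if (sscanf(buf, "%d", &new_value) != 1)
		return -1;
	mls_defcontext_inherit = new_value ? 1 : 0;
	return 0;
}

/* Read handler for the hypothetical file. */
int mls_defcontext_inherit_read(void)
{
	return mls_defcontext_inherit;
}

/* Model of the "case AVTAB_CHANGE:" path only. Returns 0 on success,
 * -1 if the rule type is not modelled here. */
int mls_compute_sid_change(const struct context *scontext,
			   const struct context *tcontext,
			   uint16_t tclass, uint32_t specified,
			   struct context *newcontext)
{
	if (specified != AVTAB_CHANGE)
		return -1;

	if (tclass == SECCLASS_PROCESS) {
		/* Process transitions keep the source's full range. */
		mls_context_cpy(newcontext, scontext);
	} else if (mls_defcontext_inherit) {
		/* Current kernel statement described in the thread. */
		mls_context_cpy_low(newcontext, scontext);
	} else {
		/* Proposed replacement: inherit the target's range. */
		mls_context_cpy(newcontext, tcontext);
	}
	return 0;
}

int main(void)
{
	/* Constructed sample contexts: source s0-s2:c1, target s1-s3:c2. */
	struct context s = { { { 0, 1u << 1 }, { 2, 1u << 1 } } };
	struct context t = { { { 1, 1u << 2 }, { 3, 1u << 2 } } };
	struct context n;
	const char *modes[] = { "0\n", "1\n" };

	for (int i = 0; i < 2; i++) {
		mls_defcontext_inherit_write(modes[i]);
		mls_compute_sid_change(&s, &t, SECCLASS_FILE, AVTAB_CHANGE, &n);
		printf("inherit=%d -> s%u-s%u\n", mls_defcontext_inherit_read(),
		       n.range.low.sens, n.range.high.sens);
	}
	return 0;
}
```

With the toggle at 1 the new file gets s0-s0:c1 (source low level only); with it at 0 the file gets s1-s3:c2 (the target's range). A process-class target is unaffected by the toggle in this model, matching the "else" path being the only statement the proposal touches.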