MLS and network

Hello,

I've struck an interesting issue on stock Fedora 12. When you install the
MLS policy and then newrole yourself to s1 (or anything higher than s0),
you can still connect to the 'net (for example, ftp somewhere). I've
checked that the kernel is in enforcing mode.

This clearly violates the intent of MLS, as you could easily leak
confidential files this way. The question is which part is buggy? I've
looked briefly into the sources of the reference policy and it seems
that the necessary infrastructure is there: ports are labeled as s0, MLS
constraints are in place and the domains of user processes do not have
MLS exemptions. That leaves a couple of options:

1) there is a bug in SELinux or this feature is unsupported
2) Fedora applies some patches to the policy which defeat the proper
   functioning
3) I have missed something

Any ideas?

Michal Svoboda
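To make the expected behaviour concrete, here is an added example (not part of the original post and not refpolicy's own code) that models the MLS dominance rule behind SELinux's network constraints: it parses the MLS field of a context, takes the process's low (current) level, and classifies a send to a port labelled s0 as level-equal, write-down or write-up. The context strings are constructed, and the function only models the dominance comparison, not the exact mlsconstrain expressions in refpolicy.

```python
# Added example: model of the MLS "no write-down" rule for network objects.
# The contexts used below are constructed; ports default to s0 as in refpolicy.
import re

CAT_RE = re.compile(r"^c(\d+)(?:\.c(\d+))?$")


def parse_level(level):
    """Parse one MLS level such as 's1' or 's2:c0.c3,c7' into (sens, cats)."""
    sens_str, _, cat_str = level.partition(":")
    if not (sens_str.startswith("s") and sens_str[1:].isdigit()):
        raise ValueError("bad sensitivity in level %r" % level)
    cats = set()
    for part in filter(None, cat_str.split(",")):
        m = CAT_RE.match(part)
        if not m:
            raise ValueError("bad category %r in level %r" % (part, level))
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo   # 'c0.c3' is a range
        cats.update(range(lo, hi + 1))
    return int(sens_str[1:]), frozenset(cats)


def context_low_level(context):
    """Return the low level of 'user:role:type:low[-high]' (the current level)."""
    fields = context.split(":", 3)
    if len(fields) != 4:
        raise ValueError("context %r has no MLS field" % context)
    return parse_level(fields[3].split("-", 1)[0])


def dominates(a, b):
    """Level a dominates b: sensitivity >= and category set is a superset."""
    return a[0] >= b[0] and a[1] >= b[1]


def classify_send(subject_ctx, port_ctx):
    """Classify a socket send from a process to a labelled port.

    'allowed'   : levels are equal (the case MLS permits)
    'write-down': subject dominates the port, so data would flow downward
    'write-up'  : subject does not dominate the port
    """
    subj = context_low_level(subject_ctx)
    obj = context_low_level(port_ctx)
    if subj == obj:
        return "allowed"
    return "write-down" if dominates(subj, obj) else "write-up"
```

The post's scenario is a staff user at s1 sending to ftp_port_t at s0, which this model classifies as a write-down that the MLS constraints are meant to deny.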
