-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/08/2011 01:55 PM, Ramon de Carvalho Valle wrote: > Hi Daniel, > > On 04/06/2011 04:57 PM, Ramon de Carvalho Valle wrote: >>> I don't see how this would be ok. The sad part is I would argue dynamic >>>> labeling is more secure the static labeling. >> The result is that most of the tests for the evaluation does not apply >> to the MLS policy (I will send them in a separate email). > >>>> >>>> If you label to virt machines as TopSecret, a compromized TopSecret >>>> Machine could attack all the virtual Machines that are running as >>>> TopSecret. In Dynamic labeling all virtual machines are isolated. >>>> >>>> I guess you could carve up a subsection of the MLS/MCS namespace and >>>> allow libvirt to set labels in those zones. But the idea of an app >>>> randomly changing the label of a file/device on the fly, is not what MLS >>>> tends to like. >> This may be something that is not desirable. However, the default MLS >> dominance could be changed to have one sensitivity excluded from the >> dominance hierarchy (or a new sensitivity be added). Thus, for that >> removed (or new) sensitivity, libvirt could execute with dynamic >> labeling enabled. > What you think of the implementation of a sensitivity s16 (or sv) out of > the s0-s15 hierarchy? The argument would be that a virtual machine must > be considered as a single isolated physical device, and is not part of > the MLS logical hierarchy of objects in the host. > > Best regards, > We could do that, but it is not MLS, at that point. It would involve some engineering of libvirt and some policy rewrite to allow MLS values of > s15. I am not sure what the definition of SystemHigh would be then. I think it would be best if this was brought up for discussion on a public list like SELinux <selinux@xxxxxxxxxxxxx> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEUEARECAAYFAk2fVqAACgkQrlYvE4MpobM4SgCgmjBMJ7AcQjuaOR9T36ZO2KZ/ u/sAliDiRRN0i34hSutOywuBpAa2cLg= =IJ63 -----END PGP SIGNATURE----- -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
