On Tue, Sep 27, 2011 at 12:06 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> On Sat, 2011-09-24 at 18:05 -0400, David Windsor wrote:
>> On Fri, Sep 23, 2011 at 11:07 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
>>
>> <snip>
>>
>> >> >> level_default file fromsource; == MLS;
>> >> >> level_default file fromtarget; == MCS;
>> >> >>
>> >> >> Anyone want to step forward and implement? :^)
>> >
>> > Need to distinguish low vs high. In MLS, you want to inherit the low level of the source/subject/process.
>> >
>> > Also, do you want the MCS behavior for all types or selectively? For example, if a svirt_t:s0:c256,c387 process creates a file in a :s0 directory (is that even possible?), do you really want that file to be :s0?
>> >
>> Couldn't you use a range_transition in this case to specify an exception to the default behavior for category inheritance?
>>
>> AFAICS, using rules such as (user|role|type|level|range)_default, we're only specifying default labeling behaviors for the different fields of a context. More specific *_transition rules can exist in policy that should override any defaults defined elsewhere.
>
> range_transition would only let you specify things like "When files are created by a process with domain D in a directory with type T, the range should be set to R." Not rules of the form "Files created by processes in domain D1 should inherit their level from their creator while files created by processes in domain D2 should inherit their level from the parent directory."
>
> --
> Stephen Smalley
> National Security Agency
>

I realize that the semantics of the two rules are different. I'm wondering about the precedence of *_default rules: given a policy in which conflicting labels are calculated for a newly created object of a certain type, do *_default rules take precedence?
For instance, suppose the following rules:

range_default D1_t file use_source;
range_transition D1_t T_t:file R;

The first rule specifies that files newly created by processes in the D1_t domain should inherit the range of the source/creating process. The second rule specifies that files created by a process in the D1_t domain in a directory labeled T_t should have a range of R. This seems to create a conflict for deciding the range of files created by processes labeled D1_t in a directory labeled T_t. What should happen here?

I would think that the more specific range_transition rule, which specifies both the type of the creating process and the type of the parent directory, would dictate the labeling of the created file, and that the range_default rule specifies labeling in the default case.

--
PGP: 6141 5FFD 11AE 9844 153E F268 7C98 7268 6B19 6CC9

--
This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
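As an added example, not part of the thread above: a small Python model of the precedence question David raises, following the order the kernel's MLS code (mls_compute_sid) uses for a transition once the default_range statement existed. An explicit range_transition matching (source type, target type, class) is consulted first; failing that, the object class's default_range statement decides whether the new object copies the source's or the target's low, high or full range; failing both, the legacy behaviour copies the creating process's low level (a new process or socket gets the whole range). Note that the statement that shipped is keyed by object class, not by domain as in the range_default D1_t file use_source syntax proposed here. The Policy/Context/Range types, the D1_t/T_t/tmp_t/virt_image_t labels and the s0-s2 ranges below are constructed for the illustration, and the code is not a parser for real policy.

```python
"""Model of how SELinux picks the MLS/MCS range of a newly created object.

Constructed example, not code from the selinux list thread.  It mirrors the
decision order the kernel's mls_compute_sid() applies for a transition:
  1. a matching range_transition (source type, target type, class) wins;
  2. else the object class's default_range statement (source|target,
     low|high|low_high) says which side's range is copied;
  3. else the legacy behaviour: the new object takes the source's low level
     (a new process or socket takes the source's whole range).
The policy representation below is a stand-in, not a policy parser.
"""
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass(frozen=True)
class Range:
    low: str
    high: str

    def __str__(self) -> str:
        return self.low if self.low == self.high else f"{self.low}-{self.high}"


@dataclass(frozen=True)
class Context:
    type: str        # e.g. "D1_t"
    range: Range     # e.g. s0-s2


@dataclass
class Policy:
    # range_transition SRC TGT:CLASS RANGE;   keyed by (SRC, TGT, CLASS)
    range_transitions: Dict[Tuple[str, str, str], Range]
    # default_range CLASS source|target low|high|low_high;   keyed by CLASS
    default_ranges: Dict[str, Tuple[str, str]]


def compute_range(policy: Policy, source: Context, target: Context,
                  tclass: str) -> Tuple[Range, str]:
    """Return (range of the new object, which rule decided it)."""
    # 1. The specific range_transition rule, if any, always wins.
    rtr = policy.range_transitions.get((source.type, target.type, tclass))
    if rtr is not None:
        return rtr, "range_transition"

    # 2. Otherwise the per-class default_range statement applies.
    default = policy.default_ranges.get(tclass)
    if default is not None:
        side, part = default
        ctx = source if side == "source" else target
        if part == "low":
            return Range(ctx.range.low, ctx.range.low), f"default_range {side} low"
        if part == "high":
            return Range(ctx.range.high, ctx.range.high), f"default_range {side} high"
        if part == "low_high":
            return ctx.range, f"default_range {side} low_high"
        raise ValueError(f"unknown default_range part {part!r}")

    # 3. Legacy behaviour when the policy says nothing for this class.
    if tclass == "process" or tclass.endswith("_socket"):
        return source.range, "legacy: full source range"
    return Range(source.range.low, source.range.low), "legacy: source low"


def thread_scenario() -> Dict[str, str]:
    """The D1_t / T_t conflict from the message, plus Stephen's MCS question."""
    d1 = Context("D1_t", Range("s0", "s2"))            # D1_t process running at s0-s2 (constructed)
    t_dir = Context("T_t", Range("s1", "s1"))          # directory labelled T_t:s1 (constructed)
    other_dir = Context("tmp_t", Range("s0", "s0"))    # directory with no range_transition (constructed)
    with_both = Policy(
        range_transitions={("D1_t", "T_t", "file"): Range("s1", "s1")},  # range_transition D1_t T_t:file s1;
        default_ranges={"file": ("source", "low_high")},                # default_range file source low_high;
    )
    no_rules = Policy(range_transitions={}, default_ranges={})

    svirt = Context("svirt_t", Range("s0:c256,c387", "s0:c256,c387"))
    plain_dir = Context("virt_image_t", Range("s0", "s0"))
    mcs_from_target = Policy(range_transitions={}, default_ranges={"file": ("target", "low")})
    mcs_from_source = Policy(range_transitions={}, default_ranges={"file": ("source", "low")})

    cases = {
        "D1_t creates file in T_t dir": compute_range(with_both, d1, t_dir, "file"),
        "D1_t creates file in tmp_t dir": compute_range(with_both, d1, other_dir, "file"),
        "D1_t creates file, no rules": compute_range(no_rules, d1, other_dir, "file"),
        "svirt_t:s0:c256,c387 in :s0 dir, target low": compute_range(mcs_from_target, svirt, plain_dir, "file"),
        "svirt_t:s0:c256,c387 in :s0 dir, source low": compute_range(mcs_from_source, svirt, plain_dir, "file"),
    }
    return {name: f"{rng} ({why})" for name, (rng, why) in cases.items()}


if __name__ == "__main__":
    for name, outcome in thread_scenario().items():
        print(f"{name}: {outcome}")
```

Running the module prints one line per case: the file created in the T_t directory gets s1 from the range_transition, the one created in tmp_t gets the full s0-s2 from the class default, and with no rules at all it falls back to the source's low level s0. The two svirt_t cases reproduce the fromtarget/fromsource choice Stephen asks about: "target low" gives the file :s0, "source low" keeps the categories.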