On Mon, Jan 27, 2014 at 11:20:23AM -0500, Stephen Smalley wrote: > On 01/26/2014 05:46 PM, Ole Kliemann wrote: > > I have written my own little socket test program. Process P1 with > > context TYPE1:RANGE1 creates a socket and listens on it. P2 with > > context TYPE2:RANGE2 connects to this socket. > > > > Process P1 accepts the connection. The socket created throught > > accept() in P1 has actually the context TYPE1:RANGE2. > > > > Is this expected behavior? > > Yes. That was the behavior desired by the MLS/LSPP community, as they > want the socket to mirror the client level for multi-level servers, and > in the single-level server case, you are only allowed to connect at the > same level. Thank you for the clarification. Is there no way to control this? To state more precisly: I can very well _connect_ to everything the policy allows me to, I then just cannot use this connection. That's a bit weird. Although I admit, the problems arise from my specific situation where I have one realm the consist of only one type but is separated by MLS and another realm that is MLS-ignorant and uses TE. All vectors running between the two realms are also only controll by TE. When I now use sockets between the MLS and non-MLS realm these connections should only be controlled by TE, but as a result of above mentioned labeling behavior, MLS suddenly gets in the way. I can imagine, in an MLS-only environment this behavior makes more sense; specificly in the case of multi-level servers. All the more desirable it would be if the policy was to make such labeling decisions at the discretion of the policy writer.
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
