Hey SELinux fans, I've been playing with MLS on a test box. The "read down/write up" model makes total sense, but I'm running up against an odd problem set and trying to figure out how to best work this into an SELinux policy / configuration. I'm interested in having a daemon that operates at multiple sensitivity levels depending on the security context of the peer network connection (within the same process, ideally, otherwise maybe threads?).

I'm able to use NetLabel and CIPSO to mark packets with the desired sensitivity level, and I'm able to get that level via `getpeercon` during a network connection, but that connection's context hasn't been dominated by my process's. I'd like to either get that "combined" context (for instance, if my daemon is s0-s3:c1.c3 and the peer connection is s2-s15:c3, I'd like to see the value `s2.c3`), or to actually assume that role (to prevent reading/writing where it's not supposed to).

Has anyone done something like this before? I have to imagine yes -- but a lot of the docs out there are for things like HTTP Servers, where you can operate at a high sensitivity for everyone, since the only data you're writing out is high sensitivity data, and you can read/serve any other data. I'm looking for an example where, based on categories, the HTTP Server will only serve files contained within the peer's context's categories.

paultag
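Added example, not paultag's code and not libselinux: a small Python model of the MLS label arithmetic the question is asking about. It parses range strings in the usual `low-high` syntax (`s0-s3:c1.c3`), computes the join and meet of two levels, intersects the daemon's range with the peer's range returned by `getpeercon` (for the values in the question this gives `s2-s3:c3`: the low end comes from the peer, the categories are those common to both), and applies a read-down check so a file is served only when its level is dominated by that effective high level. Function names and the sample labels are mine; the read-down check is a simplification of the reference policy's MLS constraints (it treats the effective high level as the clearance used for reads), and whether a policy lets a process actually assume such a range is a policy question this snippet does not answer.

```python
# Added example: a toy model of SELinux MLS label arithmetic.
# Not the poster's code and not libselinux; names are hypothetical.
import re
from dataclasses import dataclass

_LEVEL_RE = re.compile(r"^s(\d+)(?::([c\d.,]+))?$")


@dataclass(frozen=True)
class Level:
    """One MLS level: a sensitivity plus a set of category numbers."""
    sens: int
    cats: frozenset

    def dominates(self, other: "Level") -> bool:
        # "A dominates B": sensitivity >= and categories are a superset.
        return self.sens >= other.sens and self.cats >= other.cats

    def join(self, other: "Level") -> "Level":
        # Least upper bound: the lowest level that dominates both.
        return Level(max(self.sens, other.sens), self.cats | other.cats)

    def meet(self, other: "Level") -> "Level":
        # Greatest lower bound: the highest level dominated by both.
        return Level(min(self.sens, other.sens), self.cats & other.cats)

    def __str__(self) -> str:
        return f"s{self.sens}" + (f":{format_cats(self.cats)}" if self.cats else "")


def parse_cats(text: str) -> frozenset:
    """Expand 'c1.c3,c5' into {1, 2, 3, 5}."""
    cats = set()
    for part in text.split(","):
        if "." in part:
            lo, hi = (int(c[1:]) for c in part.split("."))
            if hi < lo:
                raise ValueError(f"bad category run: {part}")
            cats.update(range(lo, hi + 1))
        else:
            cats.add(int(part[1:]))
    return frozenset(cats)


def format_cats(cats: frozenset) -> str:
    """Compress {1, 2, 3, 5} back to 'c1.c3,c5' (dot for runs of three or more,
    commas otherwise, as SELinux prints category sets)."""
    nums = sorted(cats)
    if not nums:
        return ""
    runs, start, prev = [], nums[0], nums[0]
    for n in nums[1:] + [None]:          # None flushes the last run
        if n is not None and n == prev + 1:
            prev = n
            continue
        if prev - start >= 2:
            runs.append(f"c{start}.c{prev}")
        else:
            runs.extend(f"c{i}" for i in range(start, prev + 1))
        if n is not None:
            start = prev = n
    return ",".join(runs)


def parse_level(text: str) -> Level:
    m = _LEVEL_RE.match(text)
    if not m:
        raise ValueError(f"bad MLS level: {text!r}")
    sens, cats = m.group(1), m.group(2)
    return Level(int(sens), parse_cats(cats) if cats else frozenset())


def parse_range(text: str):
    """'s0-s3:c1.c3' -> (low, high); a bare level like 's2:c3' means low == high."""
    low, _, high = text.partition("-")
    lo = parse_level(low)
    hi = parse_level(high) if high else lo
    if not hi.dominates(lo):
        raise ValueError(f"high level does not dominate low level in {text!r}")
    return lo, hi


def effective_range(daemon: str, peer: str):
    """Intersect the daemon's range with the peer's: the levels both are cleared for.
    Returns the range as a string, or None when the two ranges do not overlap."""
    d_lo, d_hi = parse_range(daemon)
    p_lo, p_hi = parse_range(peer)
    lo, hi = d_lo.join(p_lo), d_hi.meet(p_hi)
    if not hi.dominates(lo):
        return None
    return str(lo) if lo == hi else f"{lo}-{hi}"


def may_serve(effective: str, file_level: str) -> bool:
    """Read-down check: serve the file only if the effective high level dominates
    the file's level, i.e. every category on the file is in the peer's set."""
    _, hi = parse_range(effective)
    return hi.dominates(parse_level(file_level))


if __name__ == "__main__":
    # Constructed sample: the daemon and peer labels from the question.
    combined = effective_range("s0-s3:c1.c3", "s2-s15:c3")
    print("effective range:", combined)            # s2-s3:c3
    for f in ("s1:c3", "s1:c1", "s4:c3"):
        print(f, "serve" if may_serve(combined, f) else "deny")
```

The join of the two low levels and the meet of the two high levels is the lattice way of saying "the part of the daemon's range the peer is also cleared for"; if the meet no longer dominates the join there is no such level and the connection should be refused rather than served at some default label.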