On Thu, May 14, 2020 at 8:45 AM Paul Tagliamonte <paultag@xxxxxxxxxx> wrote:
>
> Hey SELinux fans,
>
> I've been playing with MLS on a test box. The "read down/write up"
> model makes total sense, but I'm running up against an odd problem set
> and trying to figure out how to best work this into an SELinux policy
> / configuration.
>
> I'm interested in having a daemon that operates at multiple sensitivity
> levels depending on the security context of the peer network
> connection (within the same process, ideally, otherwise maybe
> threads?).
>
> I'm able to use NetLabel and CIPSO to mark packets with the desired
> sensitivity level, and I'm able to get that level via `getpeercon`
> during a network connection, but that connection's context hasn't been
> dominated by my process's. I'd like to either get that "combined"
> context (for instance, if my daemon is s0-s3:c1.c3 and the peer
> connection is s2-s15:c3, I'd like to see the value `s2.c3`), or to
> actually assume that role (to prevent reading/writing where it's not
> supposed to).

Joshua Brindle recently contributed a change that may get you what you want:

https://github.com/SELinuxProject/selinux/commit/9ba35fe8c280b7c91ec65b138d9f13e44ededaa9

Here is the corresponding kernel change:

https://github.com/torvalds/linux/commit/42345b68c2e3e2b6549fc34b937ff44240dfc3b6

The kernel change is in 5.5+ it seems, so you'll probably want to use
libsepol in your application.

Hope this helps.

--
Mike Palmiotto
https://crunchydata.com
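The level arithmetic behind the question above (dominance for read-down/write-up, and a "combined" range for a daemon and a peer connection), worked through as an added example. This is not code from the thread, from libselinux, or from the linked kernel/libsepol commits; it is a stand-alone illustration. The combination rule it uses is an assumption chosen for the example (low sensitivity = the greater of the two lows, high sensitivity = the lesser of the two highs, categories = the intersection at both ends) and is not claimed to be what the linked commits implement. The daemon and peer ranges in `main` are the ones quoted in the thread; a real daemon would obtain the peer string from `getpeercon` and parse its MLS suffix the same way.

```python
"""
MLS range arithmetic for SELinux-style context strings (constructed example).

Added illustration, not code from the mailing-list thread, libselinux, or
the linked commits. Parses the MLS part of a context ("s0-s3:c1.c3"),
decides read-down / write-up between two levels, and computes a combined
range for a daemon and a peer connection. The combination rule is an
assumption for the example, not the kernel's algorithm.
"""
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Level:
    sens: int           # sensitivity, e.g. 2 for "s2"
    cats: frozenset     # category numbers, e.g. {1, 2, 3} for "c1.c3"

    def dominates(self, other: "Level") -> bool:
        """self >= other: higher-or-equal sensitivity and a superset of categories."""
        return self.sens >= other.sens and other.cats <= self.cats

    def __str__(self) -> str:
        return f"s{self.sens}" + (f":{format_cats(self.cats)}" if self.cats else "")


Range = Tuple[Level, Level]  # (low, high); high must dominate low


def parse_cats(text: str) -> frozenset:
    """Parse "c1.c3,c5" into {1, 2, 3, 5}; "cX.cY" is an inclusive run."""
    cats = set()
    for part in text.split(","):
        if "." in part:
            lo, hi = part.split(".")
            cats.update(range(int(lo[1:]), int(hi[1:]) + 1))
        else:
            cats.add(int(part[1:]))
    return frozenset(cats)


def parse_level(text: str) -> Level:
    """Parse "s2", "s2:c3" or "s0:c1.c3,c5"."""
    sens, _, cats = text.partition(":")
    if not sens.startswith("s") or not sens[1:].isdigit():
        raise ValueError(f"bad sensitivity: {text!r}")
    return Level(int(sens[1:]), parse_cats(cats) if cats else frozenset())


def parse_range(text: str) -> Range:
    """Parse "low-high" (or a single level, low == high) and validate it."""
    low_text, _, high_text = text.partition("-")
    low = parse_level(low_text)
    high = parse_level(high_text) if high_text else low
    if not high.dominates(low):
        raise ValueError(f"high level must dominate low level: {text!r}")
    return (low, high)


def format_cats(cats: frozenset) -> str:
    """Render categories, compressing runs of three or more as cX.cY."""
    nums = sorted(cats)
    out = []
    i = 0
    while i < len(nums):
        j = i
        while j + 1 < len(nums) and nums[j + 1] == nums[j] + 1:
            j += 1
        if j - i >= 2:
            out.append(f"c{nums[i]}.c{nums[j]}")
        else:
            out.extend(f"c{n}" for n in nums[i:j + 1])
        i = j + 1
    return ",".join(out)


def format_range(r: Range) -> str:
    low, high = r
    return str(low) if low == high else f"{low}-{high}"


def may_read(subject: Level, obj: Level) -> bool:
    """Read down: the subject must dominate the object."""
    return subject.dominates(obj)


def may_write(subject: Level, obj: Level) -> bool:
    """Write up: the object must dominate the subject."""
    return obj.dominates(subject)


def combine_ranges(a: Range, b: Range) -> Optional[Range]:
    """Most restrictive range common to both (assumed rule, see module docstring).
    Returns None when no valid level is shared; a daemon should treat that as
    "refuse this connection" rather than pick a level on its own."""
    low = Level(max(a[0].sens, b[0].sens), a[0].cats & b[0].cats)
    high = Level(min(a[1].sens, b[1].sens), a[1].cats & b[1].cats)
    if not high.dominates(low):
        return None
    return (low, high)


def combine_context_strings(a: str, b: str) -> Optional[str]:
    """Convenience wrapper over MLS strings such as "s0-s3:c1.c3"."""
    r = combine_ranges(parse_range(a), parse_range(b))
    return None if r is None else format_range(r)


if __name__ == "__main__":
    daemon, peer = "s0-s3:c1.c3", "s2-s15:c3"   # values quoted in the thread
    print("combined:", combine_context_strings(daemon, peer))
    d_high, p_low = parse_range(daemon)[1], parse_range(peer)[0]
    print("daemon high may read peer low:", may_read(d_high, p_low))
    print("daemon high may write peer low:", may_write(d_high, p_low))
```

With the thread's values the combined range comes out as `s2-s3:c3`: the peer's low sensitivity raises the floor, the daemon's high sensitivity caps the ceiling, and only the category both sides carry at the top survives. Two ranges with no common sensitivity (`s0-s1` against `s2-s15`) produce `None`, which is the case a daemon must handle explicitly instead of silently falling back to its own full range.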