[redhat-lspp] Re: Initial MLS Label Printing Support
Janak Desai
janak at us.ibm.com
Tue Aug 16 18:19:24 UTC 2005
Steve Grubb wrote:
> On Tuesday 16 August 2005 13:30, Janak Desai wrote:
>
>>Just verified that the lpr client opens and reads the file, reads it to
>>a buffer, creates a connection to cups server using a socket and transfers
>>the file to the server by writing the buffer to the socket.
>
>
> So what label does the socket have? FDP_ETC.2.2 seems to say that exported
> data should have the data's label.
>
The socket is labeled with the label of the creating process, which is the
standard BLP thing of objects inheriting the label of the process that
creates them. I am not sure how we handle FDP_ETC.2.2. We would need
trusted networking extensions where you can label individual network
packets or we have to manipulate the socket label before sending the
file.
-Janak
More information about the redhat-lspp
mailing list