[redhat-lspp] multilevel cron

Casey Schaufler casey at schaufler-ca.com
Thu Aug 18 15:07:59 UTC 2005



--- Janak Desai <janak at us.ibm.com> wrote:


> I was afraid you folks were going to say that :-). It's just that it is
> easier to look at the polyinstantiated cron subdirectory context to obtain
> the MLS label of the process that created it, but not so easy to surmise
> its role/domain. However, I do see yours and Casey's point and will come
> up with a general multi-context cron mechanism. I have some ideas which I
> will bounce off of this and selinux mailing lists. Once we nail down the
> approach, I will implement and post appropriate patches for review.

I've implemented MLS cron at least three times and I recommend against
using polyinstantiated directories for crontab storage. It's the obvious
approach but does not turn out to be as helpful as you might think,
especially dealing with role and/or domain attributes in addition to
sensitivity. The possibility of a large number of
role/sensitivity/userid combinations strongly suggests you will be
better off with an expanded crontab format that includes the required
attribute information. Unfortunately, such crontabs will have to be
access controlled to prevent a Secret user from reading her own TS
entries, but "all that requires" is some smarts in the crontab command.
The cron daemon itself could recognize the "classic" format and use
well-documented attribute values in support of backward compatibility.

Good luck. When you're done we can compare scars.




Casey Schaufler
casey at schaufler-ca.com
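The sketch below is an added example, not code from this thread or from any cron implementation, of the two points made above: a single crontab format that carries role and sensitivity per entry while still accepting classic six-field lines (which get documented default attributes), and the "smarts in the crontab command" that filter a user's view of her own file so that an entry labelled above her current clearance is never shown to her. The `[role=...; level=...]` prefix syntax, the role names, the sensitivity ladder and the default values are all assumptions made for the example; a real design would take them from the policy.

```python
"""Prototype of an attribute-carrying crontab format (added example)."""
from dataclasses import dataclass
import re

# Hypothetical sensitivity ordering; names and numbers are assumptions,
# not anything a real MLS policy defines.
SENSITIVITY = {"unclassified": 0, "confidential": 1, "secret": 2, "topsecret": 3}


@dataclass(frozen=True)
class Label:
    """An MLS label: a sensitivity level plus a set of compartments."""
    sensitivity: int
    categories: frozenset = frozenset()

    @classmethod
    def parse(cls, text):
        # "secret:nato,crypto" -> Label(2, {"nato", "crypto"})
        name, _, cats = text.partition(":")
        if name not in SENSITIVITY:
            raise ValueError(f"unknown sensitivity {name!r}")
        return cls(SENSITIVITY[name], frozenset(c for c in cats.split(",") if c))

    def dominates(self, other):
        """Classic dominance: level at least as high AND every compartment held."""
        return (self.sensitivity >= other.sensitivity
                and self.categories >= other.categories)


# The "well-documented attribute values" a classic line runs with (assumed).
DEFAULT_ROLE = "user_r"
DEFAULT_LABEL = Label.parse("unclassified")
KNOWN_ATTRS = {"role", "level"}


@dataclass(frozen=True)
class CronEntry:
    schedule: tuple   # (min, hour, dom, mon, dow) kept as raw strings
    command: str
    role: str
    label: Label
    classic: bool     # True when the line had no attribute prefix


ATTR_RE = re.compile(r"^\[([^\]]*)\]\s*(.*)$")


def parse_attrs(text):
    """Parse 'role=x; level=y' into a dict, rejecting unknown keys."""
    attrs = {}
    for part in text.split(";"):
        part = part.strip()
        if not part:
            continue
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed attribute {part!r}")
        attrs[key.strip()] = value.strip()
    unknown = set(attrs) - KNOWN_ATTRS
    if unknown:
        raise ValueError(f"unknown attribute(s) {sorted(unknown)}")
    return attrs


def parse_line(line):
    """Accept both the expanded format and a classic six-field line."""
    m = ATTR_RE.match(line)
    if m:
        attrs, rest, classic = parse_attrs(m.group(1)), m.group(2), False
    else:
        attrs, rest, classic = {}, line, True
    fields = rest.split(None, 5)
    if len(fields) != 6:
        raise ValueError(f"expected 5 schedule fields and a command: {line!r}")
    role = attrs.get("role", DEFAULT_ROLE)
    label = Label.parse(attrs["level"]) if "level" in attrs else DEFAULT_LABEL
    return CronEntry(tuple(fields[:5]), fields[5], role, label, classic)


def parse_crontab(text):
    return [parse_line(s) for s in (l.strip() for l in text.splitlines())
            if s and not s.startswith("#")]


def visible_entries(entries, clearance):
    """What the crontab command may show a user at the given clearance:
    only entries whose label her clearance dominates."""
    return [e for e in entries if clearance.dominates(e.label)]


# Constructed sample crontab; classic first line, two expanded lines.
SAMPLE_CRONTAB = """
# constructed for the example
0 3 * * * /usr/local/bin/nightly-backup
[role=sysadm_r; level=secret] 15 4 * * 1 /usr/local/bin/rotate-keys
[role=auditadm_r; level=topsecret:nato] 30 * * * * /usr/local/bin/scan-audit --verbose
"""

if __name__ == "__main__":
    entries = parse_crontab(SAMPLE_CRONTAB)
    for e in visible_entries(entries, Label.parse("secret")):
        print(e.role, e.label, e.command)
```

Note the last assertion-worthy case: a user logged in at Top Secret but without the "nato" compartment still does not see the third entry, because dominance is on both the level and the category set. That is the check the crontab command would have to make before echoing a file back to its owner.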
