[redhat-lspp] audit messages CAPP vs LSPP
Stephen Smalley
sds at tycho.nsa.gov
Wed Oct 5 12:45:38 UTC 2005
On Tue, 2005-10-04 at 13:08 -0400, Steve Grubb wrote:
> I was looking at the audit requirements. We need LSPP to coexist with CAPP.
> Should the user space utilities send LSPP context information all the time
> and let the kernel strip it out...or should there be a mode variable
> somewhere that it can look at to decide if CAPP or LSPP information should be
> sent?
You don't want the individual utilities modifying the security contexts
provided to them by libselinux. Now, libselinux does apply libsetrans
to all contexts prior to returning them for context translation, so you
could have different libsetrans implementations (or a single one with
multiple modes), with the one implementation/mode stripping the MLS
field and the other one not. In fact, the MCS libsetrans already does
strip the :s0 from the contexts for display to users to reduce the delta
from FC4.
--
Stephen Smalley
National Security Agency
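
The mode-dependent translation described in the message above, as an added example that is not part of the original post and is not libselinux or libsetrans code. The names `trans_mode`, `mls_start` and `translate_context` are hypothetical, the sample contexts are constructed, and the MCS mode models only the ":s0" stripping the message mentions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical mode switch; not a libselinux or libsetrans identifier. */
enum trans_mode { MODE_LSPP, MODE_CAPP, MODE_MCS };

/* Return the ':' that starts the MLS field (the third colon), or NULL
 * when the context is only user:role:type. The MLS field may itself
 * contain colons (s0:c0.c1023), so only the first three are counted. */
static const char *mls_start(const char *ctx)
{
    int colons = 0;
    for (const char *p = ctx; *p; p++)
        if (*p == ':' && ++colons == 3)
            return p;
    return NULL;
}

/* Translate a raw context in one central place, so individual utilities
 * never edit contexts themselves. Returns a malloc'd copy the caller
 * frees, or NULL on error. */
char *translate_context(const char *raw, enum trans_mode mode)
{
    if (raw == NULL)
        return NULL;
    const char *mls = mls_start(raw);
    size_t keep = strlen(raw);              /* LSPP: keep everything */
    if (mls != NULL) {
        if (mode == MODE_CAPP)              /* strip the whole MLS field */
            keep = (size_t)(mls - raw);
        else if (mode == MODE_MCS && strcmp(mls, ":s0") == 0)
            keep = (size_t)(mls - raw);     /* strip only a bare ":s0" */
    }
    char *out = malloc(keep + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, raw, keep);
    out[keep] = '\0';
    return out;
}

int main(void)
{
    const char *raw = "system_u:system_r:auditd_t:s15:c0.c1023"; /* constructed */
    char *capp = translate_context(raw, MODE_CAPP);
    char *lspp = translate_context(raw, MODE_LSPP);
    printf("CAPP: %s\nLSPP: %s\n", capp ? capp : "(error)", lspp ? lspp : "(error)");
    free(capp);
    free(lspp);
    return 0;
}
```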