[redhat-lspp] Number of level & compartments
schaufler-ca.com - Casey Schaufler
casey at schaufler-ca.com
Mon Sep 19 21:04:04 UTC 2005
Steve Grubb <sgrubb at redhat.com> wrote:
>
> Hello
>
>
> According to the LSPP spec´s we need to allow 16 levels and at least 64
> compartments (Section 5.2.6.7.c). I think the number of levels are OK, but I
> think we need the ability to have 256 compartments as a baseline. Can we do
> this?
In the real world MLS systems use either 0 compartments
(strictly heirarchical), two or three compartments (a
shared system), or a whole lot of compartments (one
per "project"). Niether 64 nor 256 are interesting values
for the number of compartments. If you care about the
"compartment per project" user you need thousands of
compartments. This has been done (Trusted Irix) but
requires more sophisticated labels than the bitmaps used
in UNICOS and Trusted Solaris. I don't know how y'all
are planning represent labels, hence I can't say what
issues you'll encounter.
------------------------
Casey Schaufler
casey at schaufler-ca.com
650.906.1780
More information about the redhat-lspp
mailing list