[redhat-lspp] LSPP/RBACPP requirements v.002
Stephen Smalley
sds at tycho.nsa.gov
Wed Sep 28 18:39:15 UTC 2005
On Wed, 2005-09-28 at 14:32 -0400, Steve Grubb wrote:
> On Wednesday 28 September 2005 14:20, Stephen Smalley wrote:
> > - is the context of the peer socket the right context in which to run
> > the service (at the very least, for the TE type, the answer is no)?
>
> No.
Going back to the requirement document posted by George, it says for
this item: ""Patch xinetd to obtain label from inbound connections and
spawn child daemons with correct context." To me, that means that
xinetd is computing a context based on the inbound connection label
(likely using the level from it in combination with the usual
security_compute_create computation to get the domain transition). I
think that the idea is that if you connect to a server running at
secret, the service is run at secret as well automagically. Which
sounds nice in some cases, but not necessarily what you want always.
> xinetd's purpose in life is to start apps with the right environment &
> permissions. The admin would have to configure the context that the program
> would start in. Anything other than this is not really what xinetd does.
Ok, that is not what is described in the requirements document that was
posted.
We'll see when TCS posts the patch what it is actually doing.
--
Stephen Smalley
National Security Agency
More information about the redhat-lspp
mailing list