[redhat-lspp] Objects
Steve Grubb
sgrubb at redhat.com
Mon Sep 19 19:51:42 UTC 2005
Hello,
I have finished reviewing all the LSPP/RBAC requirements. During the process,
I found a new system resource that might be considered an object. There is a
new api for managing keys in the kernel. The keys can be for a thread,
process, session, user, or group. It is manipulated via keyctl. I was
wondering if this needs to be labeled and treated like any other object?
Also, how do we feel about signals? They are used as IPC mechanisms and there
are DAC checks before allowing the signal to be delivered. Are these labeled?
Would these be considered objects? Would it be reasonable to protect secure
apps from being sent a signal from any old root process?
-Steve
More information about the redhat-lspp
mailing list