[redhat-lspp] Re: MLS enforcing PTYs, sshd, and newrole
Casey Schaufler
casey at schaufler-ca.com
Mon Oct 23 16:39:04 UTC 2006
--- James Antill <jantill at redhat.com> wrote:
> On Thu, 2006-10-19 at 09:30 -0400, Stephen Smalley wrote:
>
> > pam_selinux used to have support to let the user pick from the list of reachable contexts for the user. So you could just restore that support.
>
> So, in summary of the discussion, having pam_selinux let the user pick the TE and Sensitivity separately (much as it does now if get_ordered_context_list_with_level() fails) is the valid approach?
On Trix you can specify the MAC and Capabilities this way, so it seems you ought to be able to specify Sensitivity and TE on SELinux.
> > That doesn't address sshd though. Or gdm. sshd shouldn't be too difficult.
>
> Combined with adding similar code to sshd.
Just a heads up: you want to do this, but you may not be able to get an evaluation team to allow it in an evaluated configuration.
> > There were some externally developed gdm patches for selinux that enabled context selection long ago, but nothing recent (pre-Fedora).
>
> But, from the "gdm/trusted-X needs lots more work" discussion, gdm should just stay with the default Sensitivity and people can use a terminal+ssh to change levels?
The MLS-ignorant Xserver should not be able to communicate with clients run with a different MLS value, but this trick ought to work, providing further assurance that allowing the option of a specific MLS value when you login (ssh) over a network connection won't get past the evaluators. Plus, it will only work for terminals, not for launching X clients.
Casey Schaufler
casey at schaufler-ca.com