[redhat-lspp] Re: MLS enforcing PTYs, sshd, and newrole

Casey Schaufler casey at schaufler-ca.com
Mon Oct 23 16:39:04 UTC 2006



--- James Antill <jantill at redhat.com> wrote:

> On Thu, 2006-10-19 at 09:30 -0400, Stephen Smalley
> wrote:
> 
> > pam_selinux used to have support to let the user
> pick from the list of
> > reachable contexts for the user.  So you could
> just restore that
> > support.
> 
>  So, in summary of the discussion, having
> pam_selinux let the user pick
> the TE and Sensitivity separately (much as it does
> now if
> get_ordered_context_list_with_level() fails) is the
> valid approach?

On Trix you can specify the MAC and Capabilities
this way, so it seems you ought to be able to
specify Sensitivity and TE on SELinux.

> > That doesn't address sshd though.  Or gdm.  sshd
> shouldn't be too
> > difficult.
> 
>  Combined with adding similar code to sshd.

Just a heads up, you want to do this, but
you may not be able to get an evaluation team
to allow it in an evaluated configuration.

> >   There were some externally developed gdm patches
> for selinux
> > that enabled context selection long ago, but
> nothing recent
> > (pre-Fedora).
> 
>  But, from the "gdm/trusted-X needs lots more work"
> discussion, gdm
> should just stay with the default Sensitivity and
> people can use a
> terminal+ssh to change levels?

The MLS-ignorant Xserver should not be able to
communicate with clients run with a different MLS
value, but this trick ought to work, providing
further assurance that allowing the option to
specify an MLS value when you login (ssh) over a
network connection won't get past the evaluators.
Plus, it will only work for terminals, not
for launching X clients.



Casey Schaufler
casey at schaufler-ca.com
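The check the thread keeps circling around, as an added example that is not part of the original mail nor of pam_selinux or libselinux: if pam_selinux lets the user pick the TE type and the sensitivity separately, the chosen type must still come from the reachable-context list and the chosen level must lie inside the clearance range carried in that entry. The level syntax (`sN[:cA[.cB][,...]]`, `low-high` ranges), the dominance rule and the sample contexts are modelled by hand here; this is not a libselinux call.

```python
"""Constructed model of the validation pam_selinux would need when the TE
type and the MLS level are chosen separately (not libselinux code)."""
import re

def parse_level(level):
    """'s2:c0.c3,c7' -> (2, {0, 1, 2, 3, 7}); categories are optional."""
    sens, _, cats = level.partition(":")
    m = re.fullmatch(r"s(\d+)", sens)
    if not m:
        raise ValueError("bad sensitivity: %r" % sens)
    catset = set()
    for part in filter(None, cats.split(",")):
        cm = re.fullmatch(r"c(\d+)(?:\.c(\d+))?", part)
        if not cm:
            raise ValueError("bad category token: %r" % part)
        lo = int(cm.group(1))
        hi = int(cm.group(2)) if cm.group(2) else lo
        catset.update(range(lo, hi + 1))
    return int(m.group(1)), catset

def dominates(a, b):
    """MLS dominance: a dominates b if its sensitivity is >= b's and its
    category set is a superset of b's."""
    return a[0] >= b[0] and a[1] >= b[1]

def level_in_range(requested, clearance):
    """clearance is 'low-high' (or a single level); the requested login
    level must dominate low and be dominated by high."""
    low, _, high = clearance.partition("-")
    lo, hi = parse_level(low), parse_level(high or low)
    req = parse_level(requested)
    return dominates(req, lo) and dominates(hi, req)

def compose_context(reachable, chosen_type, chosen_level):
    """reachable: the contexts pam_selinux would offer (constructed sample
    entries of the form user:role:type:range). Returns the context to set,
    or None when the type is not reachable or the level exceeds the range."""
    for entry in reachable:
        user, role, type_, clearance = entry.split(":", 3)
        if type_ != chosen_type:
            continue
        if not level_in_range(chosen_level, clearance):
            return None
        return "%s:%s:%s:%s" % (user, role, type_, chosen_level)
    return None  # chosen type not in the reachable list

# Constructed sample of what the reachable-context list might hold.
REACHABLE = ["staff_u:staff_r:staff_t:s0-s15:c0.c1023",
             "staff_u:sysadm_r:sysadm_t:s0-s15:c0.c1023"]
```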



