Niels Provos wrote:
> On 4/26/06, Joshua Brindle <[EMAIL PROTECTED]> wrote:
> > Well, systrace is path based so you can apply all those arguments
> > directly. I don't understand what you mean by systrace is not MAC, what
> > is it? It has a policy, it enforces access control. I guess choosing to
> Let's take this opportunity to avoid misunderstandings. I don't know
> very much about mandatory access control nor SELinux in particular.
> However, I certainly support the statement that Systrace is not a MAC
> system nor does it want to be one. It would be great if you could
> help improve my understanding of SELinux by explaining the SELinux
> policy that governs, for example, your IRC client.
That is fair. If no one involved considers systrace MAC then I'm less
inclined to care about its availability; I'm still very concerned about
privilege escalation and user interaction. I will not concede that this
sort of activity (particularly the privilege escalation) is very dangerous.
SELinux is mandatory so the policy would already be loaded into the
kernel. The irc client executable would be labeled (something like
irc_exec_t). The user shell process would have a label (user_t) and
user_t executing irc_exec_t would cause a transition into user_irc_t.
The user_irc_t would then only have access to the resources it needs,
network, its own files in your home and tmp. Derived domains like
user_irc_t are used to separate user apps from one another (without the
assistance of DAC).
There are tons of resources about how selinux works policy-wise though.
What in particular do you want to know?
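The domain transition described in the reply above, written out as an illustrative policy fragment in raw SELinux kernel policy language. This is an added example, not policy from the thread or from any distribution; the types user_t, irc_exec_t and user_irc_t come from the mail, while user_irc_home_t, user_irc_tmp_t, tmp_t, ircd_port_t and the `domain`, `file_type` and `exec_type` attributes are assumed to exist in the surrounding base policy.

```selinux
# Added example (not from the thread). Assumed pre-existing: attributes
# domain, file_type, exec_type; types user_t, tmp_t, ircd_port_t.

# The executable type for the IRC binary and the derived process domain.
type irc_exec_t;
typeattribute irc_exec_t file_type, exec_type;
type user_irc_t;
typeattribute user_irc_t domain;

# Per-application file types so the client's data is distinct from the
# rest of the home directory and from other apps' temp files (assumed names).
type user_irc_home_t;
typeattribute user_irc_home_t file_type;
type user_irc_tmp_t;
typeattribute user_irc_tmp_t file_type;

# 1. The user shell may read and execute the IRC binary ...
allow user_t irc_exec_t:file { getattr read execute };
# 2. ... and doing so automatically moves the new process into user_irc_t.
type_transition user_t irc_exec_t:process user_irc_t;
allow user_t user_irc_t:process transition;
# 3. The new domain must be allowed to enter via this binary and no other.
allow user_irc_t irc_exec_t:file { read execute entrypoint };

# Network: sockets of its own plus connecting to the IRC port label.
allow user_irc_t self:tcp_socket { create connect read write getattr };
allow user_irc_t ircd_port_t:tcp_socket name_connect;

# Its own files under the home directory.
allow user_irc_t user_irc_home_t:dir { search getattr read write add_name remove_name };
allow user_irc_t user_irc_home_t:file { create getattr read write append unlink };

# Temp files: anything it creates in /tmp gets its own private label.
allow user_irc_t tmp_t:dir { search getattr write add_name remove_name };
type_transition user_irc_t tmp_t:file user_irc_tmp_t;
allow user_irc_t user_irc_tmp_t:file { create getattr read write unlink };

# Deliberately absent: any rule naming another app's home or tmp type.
# SELinux denies whatever is not allowed, so even if DAC would let the
# same uid read those files, user_irc_t cannot; that is the separation
# between user apps the mail refers to, enforced without relying on DAC.
```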
--
gentoo-security@gentoo.org mailing list