[fmac-discuss] FMAC object classes and permissions
Stephen Smalley
sds at tycho.nsa.gov
Thu Aug 14 11:57:01 PDT 2008
On Wed, 2008-08-13 at 11:27 -0700, Cathleen Reiher wrote:
> Thanks, John. I'll take a look at the
> source files.
Just to reinforce what John said, I wouldn't draw many conclusions from
the current Flask definitions, as they haven't been fitted to the
Solaris kernel yet.
A more useful exercise for you at this point might be to identify the
set of objects in the Solaris kernel that are visible to userspace and
the set of operations on those objects provided by the Solaris kernel
interfaces. This forms the basis for defining the object classes and
permissions.
Have a look at the corresponding descriptions of Linux object classes,
permissions, and control requirements enumerated in the original SELinux
technical report available from:
http://www.nsa.gov/selinux/papers/slinux-abs.cfm
--
Stephen Smalley
National Security Agency
More information about the fmac-discuss
mailing list