[fmac-discuss] FMAC and sockets?
Erik Nordmark
erik.nordmark at sun.com
Tue Sep 30 15:37:59 PDT 2008
Stephen Smalley wrote:
> In modern SELinux, the socket-related API extensions are:
> 1) A setsockcreatecon() interface for specifying the security context to
> apply to new sockets on subsequent socket(2) calls by the process. This
> is only when the application needs to specify a context other than the
> default one that would be applied by the policy, and is limited to
> security-aware applications with appropriate permissions.
Does that apply to sockets created by accept() as well as by connect()?
> 2) A SO_PEERSEC socket option for getsockopt(2) in order to get the
> security context of a connected peer.
>
> 3) A SO_PASSSEC socket option and SCM_SECURITY control message in order
> to get the security context of a datagram.
OK.
> Fanout of inbound packets/connections based on security context would be
> nice to support, but we don't presently support that in SELinux, so it
> isn't necessary up front. Also, it wouldn't necessarily be on a
> one-to-one basis; we would likely map a given set of security contexts
> to a given destination context.
>
> Long term I think it would make sense to replace ts_label_t with a
> security context that includes the MLS label as a component, but not in
> the initial version.
Makes sense. Do you think this means that cr_label would be replaced by
a reference from the cred to the security context, or will be security
context be more dynamic than the current cred_t?
FWIW I'm looking at refactoring the TCP/IP fanout to explicitly use
ts_label_t (instead of the label in the cred) but that could easily
change to some other explicit thing down the road.
Erik
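
Added example, not part of the original message and not FMAC or SELinux project code: reading a connected peer's security context with the SO_PEERSEC option from item 2 of the quoted list, on Linux. The names peer_context and demo_socketpair are hypothetical, and the AF_UNIX socketpair is a constructed stand-in for a real connection.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

/* peer_context() is a hypothetical helper name, not a libselinux call.
 * Returns a malloc'd, NUL-terminated peer security context for a connected
 * socket, or NULL with errno set (ENOPROTOOPT when no LSM labels peers). */
char *peer_context(int fd)
{
    socklen_t len = 64;                 /* first guess; grown on ERANGE */
    for (;;) {
        char *buf = calloc(1, (size_t)len + 1);
        if (buf == NULL)
            return NULL;
        socklen_t got = len;
        if (getsockopt(fd, SOL_SOCKET, SO_PEERSEC, buf, &got) == 0) {
            buf[got] = '\0';            /* do not rely on the kernel's NUL */
            return buf;
        }
        int saved = errno;
        free(buf);
        if (saved != ERANGE || got <= len) {
            errno = saved;
            return NULL;
        }
        len = got;                      /* kernel wrote the size it needs */
    }
}

/* Constructed setup: returns 0 if a context was read, 1 if the kernel
 * refused the option, -1 if the socketpair could not be created. */
int demo_socketpair(void)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    char *ctx = peer_context(sv[0]);
    if (ctx != NULL)
        printf("peer context: %s\n", ctx);
    else
        perror("SO_PEERSEC");
    int rc = (ctx != NULL) ? 0 : 1;
    free(ctx);
    close(sv[0]);
    close(sv[1]);
    return rc;
}

int main(void) { return demo_socketpair() < 0; }
```

A server would call peer_context() on the descriptor returned by accept() and pass the string to its policy decision, treating NULL as "peer unlabeled" rather than as an allow.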