
List:       selinux
Subject:    mls contraints on adding files to directories
From:       "Clarkson, Mike R (US SSA)" <mike.clarkson () baesystems ! com>
Date:       2007-06-25 18:54:55
Message-ID: FB39F4E77226B448BC1388D3BE4E00CD01DBFA97 () blums0008 ! bluelnk ! net

I think that I'm misunderstanding the mls constraints on adding files to
directories. 

I thought that the following constraint would prevent adding a file at a
higher security level than the directory, unless the domain of the
writing process had been given the mlsfilewritetoclr attribute, or the
directory type had been given the mlstrustedobject attribute:

mlsconstrain dir { add_name remove_name reparent rmdir }
	((( l1 dom l2 ) and ( l1 domby h2 )) or
	 (( t1 == mlsfilewritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 ( t1 == mlsfilewrite ) or
	 ( t2 == mlstrustedobject ));

However, I can use runcon to create a file at a higher level than the
directory. For example, I can do the following:

> runcon -l s3 touch /m2ds/import/datasources/inputBuffer/U/temp

> ls -Z /m2ds/import/datasources/inputBuffer/U/temp
-rw-r--r--  root root root:object_r:import_datasources_t:s3 /m2ds/import/datasources/inputBuffer/U/temp

> ls -dZ /m2ds/import/datasources/inputBuffer/U
drwxrwxr-x  root m252 system_u:object_r:import_datasources_t:s1 /m2ds/import/datasources/inputBuffer/U

I'm able to do this with the policy in Enforcing mode. 

So what is this mlsconstrain statement doing?
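
Added example (not from the original post or from the SELinux policy sources): a small Python model of MLS dominance that evaluates the mlsconstrain quoted above against the contexts shown in the ls -Z output. It assumes the attribute names from the post, treats `t1 == attr` as "the source type carries that attribute", and the process range s0-s3 used for the mlsfilewritetoclr case is a constructed value.

```python
# Constructed model of the dir { add_name ... } mlsconstrain from the post.
# Levels are sN[:categories]; a level dominates another when its sensitivity
# is >= and its category set is a superset. This is an added illustration,
# not the kernel's or checkpolicy's constraint evaluator.
from dataclasses import dataclass

@dataclass(frozen=True)
class Level:
    sens: int
    cats: frozenset = frozenset()

    def dom(self, other):    # self dominates other
        return self.sens >= other.sens and self.cats >= other.cats

    def domby(self, other):  # self is dominated by other
        return other.dom(self)

def parse_level(s):
    """Parse 's3' or 's1:c0.c3,c7' into a Level (constructed parser, no category aliases)."""
    sens, _, cats = s.partition(":")
    out = set()
    for part in cats.split(",") if cats else []:
        lo, _, hi = part.partition(".")
        lo_n = int(lo[1:])
        hi_n = int(hi[1:]) if hi else lo_n
        out.update(range(lo_n, hi_n + 1))
    return Level(int(sens[1:]), frozenset(out))

def parse_range(r):
    """'s3' -> (s3, s3); 's0-s3' -> (s0, s3), i.e. (low, high) of a context."""
    low, _, high = r.partition("-")
    lo = parse_level(low)
    return lo, (parse_level(high) if high else lo)

def dir_add_name_allowed(src_range, src_attrs, tgt_range, tgt_attrs):
    """Evaluate the quoted mlsconstrain: l1/h1 are the process (source) low/high,
    l2/h2 the directory (target) low/high; *_attrs are the type's attributes."""
    l1, h1 = parse_range(src_range)
    l2, h2 = parse_range(tgt_range)
    return (
        (l1.dom(l2) and l1.domby(h2))                                            # within the dir's range
        or ("mlsfilewritetoclr" in src_attrs and h1.dom(l2) and l1.domby(l2))   # write up to clearance
        or ("mlsfilewrite" in src_attrs)                                         # unrestricted writer
        or ("mlstrustedobject" in tgt_attrs)                                     # trusted directory
    )

if __name__ == "__main__":
    # The post's case: process at s3 (runcon -l s3), directory labelled s1.
    print(dir_add_name_allowed("s3", set(), "s1", set()))          # False without an override
    print(dir_add_name_allowed("s3", {"mlsfilewrite"}, "s1", set()))  # True with mlsfilewrite
```

Run with the source domain's real attributes (seinfo -t <type> -x lists them) to see which clause, if any, admits the s3-into-s1 write from the post.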



