On Sat, 2007-07-14 at 14:47 -0700, Casey Schaufler wrote:
> Smack is the Simplified Mandatory Access Control Kernel.
>
> Smack implements mandatory access control (MAC) using labels
> attached to tasks and data containers, including files, SVIPC,
> and other tasks. Smack is a kernel based scheme that requires
> an absolute minimum of application support and a very small
> amount of configuration data.
>
> Smack is implemented as a clean LSM. It requires no external
> code changes and the patch modifies only the Kconfig and Makefile
> in the security directory. Smack uses extended attributes and
> provides a set of general mount options, borrowing techniques used
> elsewhere. Smack uses netlabel for CIPSO labeling. Smack provides
> a pseudo-filesystem smackfs that is used for manipulation of
> task and system Smack attributes.
>
> The patch exceeds the 40k size rule, coming in at about 100k.
> I would be happy to send the patch to anyone who has trouble
> with the project site. The patch can be found under:
>
> http:/www.schaufler-ca.com/data/smack-0710A-patch.tar
>
> The patch, patches for ls and sshd, a README, a startup script,
> and x86 binaries for ls and sshd are also available under:
>
> http:/www.schaufler-ca.com/data/smack-0710A-all.tar
>
> The ls and sshd patches, startup script, and README are also
> available under:
>
> http:/www.schaufler-ca.com/data/smack-0710A-base.tar
>
> The patch applies to 2.6.22. Development has been done using
> Fedora Core 5 in a virtual machine environment.
>
>
> Smack provides mandatory access controls based on the label attached
> to a task and the label attached to the object it is attempting to
> access. Smack labels are deliberately short (1-7 characters) text
> strings. Single character labels using special characters are reserved
> for system use. The only operation applied to Smack labels is equality
> comparison. No wildcards or expressions, regular or otherwise, are
> used.
>
> A file always gets the Smack label of the task that created it.
>
> Smack defines and uses these labels:
>
>     "*" - pronounced "star"
>     "_" - pronounced "floor"
>     "^" - pronounced "hat"
>     "?" - pronounced "huh"
>
> The access rules enforced by Smack are, in order:
>
> 1. Any access requested by a task labeled "*" is denied.

So why allow "*" to ever be set on a task at all? Versus just
prohibiting it up front in setprocattr? Also, how does "*" differ from
"-" (dash, not floor)? Your code seems to make them identical but your
description omitted dash entirely.

> 2. A read or execute access requested by a task labeled "^"
>    is permitted.
> 3. A read or execute access requested on an object labeled "_"
>    is permitted.
> 4. Any access requested on an object labeled "*" is permitted.
> 5. Any access requested by a task on an object with the same
>    label is permitted.
> 6. Any access requested that is explicitly defined in the loaded
>    rule set is permitted.
> 7. Any other access is denied.
>
> Rules may be explicitly defined by writing subject,object,access
> triples to /smack/load.
>
> Smack rule sets can be easily defined that describe Bell&LaPadula
> sensitivity, Biba integrity, and a variety of interesting
> configurations. Smack rule sets can be modified on the fly to
> accommodate changes in the operating environment or even the time
> of day.

-- 
Stephen Smalley
National Security Agency
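
The seven access rules quoted in the message above, applied in the stated order, as a user-space C model. This is an added example, not code from the Smack patch or from either participant; the function name `smack_model_access`, the `struct rule` layout, the `ACC_*` bit encoding and the sample labels are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Access bits; this encoding is an assumption of the example. */
enum { ACC_R = 1, ACC_W = 2, ACC_X = 4 };

/* One subject,object,access triple, as would be written to /smack/load. */
struct rule { const char *subject, *object; int access; };

/* Constructed sample rule set: "Secret" may read "Unclass" data. */
static const struct rule sample_rules[] = {
    { "Secret", "Unclass", ACC_R },
    { "Web",    "Logs",    ACC_R | ACC_W },
};
static const size_t sample_nrules =
    sizeof(sample_rules) / sizeof(sample_rules[0]);

/* Labels are only ever compared for equality, never pattern-matched. */
static int same(const char *a, const char *b) { return strcmp(a, b) == 0; }

/* Returns 1 if permitted, 0 if denied, checking the rules in order. */
int smack_model_access(const char *subj, const char *obj, int req,
                       const struct rule *rules, size_t nrules)
{
    int read_or_exec_only = (req & ~(ACC_R | ACC_X)) == 0;

    if (same(subj, "*"))                       /* rule 1: star task */
        return 0;
    if (same(subj, "^") && read_or_exec_only)  /* rule 2: hat task */
        return 1;
    if (same(obj, "_") && read_or_exec_only)   /* rule 3: floor object */
        return 1;
    if (same(obj, "*"))                        /* rule 4: star object */
        return 1;
    if (same(subj, obj))                       /* rule 5: same label */
        return 1;
    for (size_t i = 0; i < nrules; i++)        /* rule 6: loaded rule set */
        if (same(rules[i].subject, subj) && same(rules[i].object, obj) &&
            (req & ~rules[i].access) == 0)
            return 1;
    return 0;                                  /* rule 7: default deny */
}
```

Because rule 1 is checked before rules 4 and 5, a task labeled "*" is denied even on an object labeled "*" in this model, which is the ordering effect the question about setting "*" on a task turns on.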
