On Wed, Jun 9, 2010 at 11:50 AM, Janne Karhunen <[email protected]> wrote:
> On Wed, May 26, 2010 at 7:35 PM, Casey Schaufler <[email protected]>
> wrote:
>
>> I have attached some Smack tools, including "newsmack", which
>> provides an example of how to set a process label by writing
>> to /proc/self/attr/current.
>>
>> /sbin/newsmack ContractsToSMS /usr/lib/userdataman-binary
>
> Sorry for the delay, finally getting back to this as we got Elena on
> board (she was on vacation). We had a chat about this yesterday
> and couldn't really get our heads around if this is a good thing or
> not. Apparently our understanding of Smack is still way too vague
> to conclude anything.
>
> First of all, our current setup allows running trusted and untrusted
> software on the same device. To me this means that processes
> should not be allowed to set/modify their own label or we end up
> making the whole access control void as untrusted piece of SW
> can assign itself a label required for accessing a given server.
> Now that can't be right, can it? Another slightly related thing, can
> two applications use the same (subject) label?
>
> And then there's the multi-label support. We can't really understand
> yet how could we allow the application to implement fine-grained
> access control with smack without the multi-label support. In our
> case label doesn't really identify the app, it identifies a capability
> owned by the task, and there can be dozens of them assigned in
> any imaginable combination.

After all you have to make a kitchen sink out of it :)

In SELinux these capabilities are what we call types in an indirect manner.

Can you please send me the tools that I have missed. I'll also try to google for them.

You need to have one process as a mediator/manager to do the CAP_MAC_ADMIN (according to Casey as I am not an expert on MAC myself) or some other design strategy.

--
Shaz
_______________________________________________
MeeGo-dev mailing list
[email protected]
http://lists.meego.com/listinfo/meego-dev
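
Added example (not part of the thread, and not the newsmack source Casey attached): a minimal C sketch of a launcher that sets the process label by writing to /proc/self/attr/current and then execs the target, matching the `/sbin/newsmack ContractsToSMS ...` invocation quoted above. The function names and the 23-character label limit are assumptions chosen for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define SMACK_LABEL_MAX 23  /* assumption: conservative short-label limit */

/* Return 1 if the label is acceptable, 0 otherwise. */
int smack_label_ok(const char *label)
{
    size_t n = strlen(label);
    if (n == 0 || n > SMACK_LABEL_MAX || label[0] == '-')
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)label[i];
        /* Reject whitespace, control and non-ASCII bytes, and / \ ' " */
        if (c <= ' ' || c > '~' || strchr("/\\'\"", c))
            return 0;
    }
    return 1;
}

/* Write label to attr_path; return 0 on success, -1 on any failure. */
int set_label(const char *attr_path, const char *label)
{
    if (!smack_label_ok(label))
        return -1;
    int fd = open(attr_path, O_WRONLY);
    if (fd < 0)
        return -1;
    size_t len = strlen(label);
    int rc = (write(fd, label, len) == (ssize_t)len) ? 0 : -1;
    if (close(fd) != 0)
        rc = -1;
    return rc;
}

int main(int argc, char **argv)
{
    if (argc < 3) {
        fprintf(stderr, "usage: %s LABEL PROGRAM [ARGS...]\n", argv[0]);
        return 2;
    }
    /* Per the thread, changing the label needs CAP_MAC_ADMIN. */
    if (set_label("/proc/self/attr/current", argv[1]) != 0) {
        fprintf(stderr, "cannot set label (invalid, or no CAP_MAC_ADMIN?)\n");
        return 1;
    }
    execv(argv[2], &argv[2]);   /* only returns on failure */
    perror("execv");
    return 1;
}
```

Since the label write depends on CAP_MAC_ADMIN, a launcher like this is the privileged mediator the reply describes; a production version would also drop that capability before the exec so the launched program cannot relabel itself.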
