MLS Systems such as PitBull, HP CMW, and DIGITAL MLS+ supported at least ranged directories where files of different SLs could be written into a single directory. These directories have a minimum and maximum SL which are used to arbitrate MLS write access. Many of these had ranged devices as well to handle things such as the null device.
-Chad

> -----Original Message-----
> From: Casey Schaufler [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 03, 2006 3:45 PM
> To: Klaus Weidner; lspp-list
> Subject: Re: [redhat-lspp] Getting rid of multilevel objects
>
> --- Klaus Weidner <[EMAIL PROTECTED]> wrote:
>
> > Hello,
> >
> > currently the MLS policy supports multilevel objects
> > (using a range where
> > the upper level is not equal to the lower level),
> > for example
> > directories, sockets, and character devices.
>
> Unix MLS systems address these cases thus:
>
> Directories: To modify a directory (e.g. create
> a directory entry) you must be at the same MLS
> label as the directory (which has only one label)
> and the new object gets the label of the process.
>
> Trusted Solaris adds a mkupdir(2)* syscall that
> takes a label as a parameter and sets the label
> of the new directory to that passed, assuming a
> set of conditions are met. These conditions
> include that the new label dominate the process
> label, and that the user is cleared for it.
>
> Trusted Irix allows a user to relabel an
> existing directory, again under constraints,
> including that the user is cleared for the
> new label, it dominates the old label, and
> that the directory is empty.
>
> Sockets: Sockets get the label of the process,
> period. Privilege may be used to modify a
> variety of the aspects of incoming and outgoing
> packet access. The TSIX api proved quite handy.
>
> Devices: Since /dev/tty, ptys, null, zero, all
> demonstrate quirky behaviors they are treated
> independently. Trusted Irix takes advantage of
> its label type scheme to address these, while
> Trusted Solaris pretty much hard codes each as
> a special case.
>
> The Orange Book talks about label ranges on
> file systems, not individual objects, and on
> devices in the context of the labels they may
> have, but only one at a time. I would be
> interested to see how they would be argued to
> satisfy the B&L sensitivity requirements.
>
> -----
> * I think that's the name. It's been a while.
>
> Casey Schaufler
> [EMAIL PROTECTED]
>
> --
> redhat-lspp mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/redhat-lspp
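Added example, not from the thread and not code from any of the systems named in it (PitBull, HP CMW, DIGITAL MLS+, Trusted Solaris, Trusted Irix, or the SELinux MLS policy): a small Python model of the two directory write rules being compared above, the single-label rule Casey describes and the min/max ranged-directory rule Chad describes, plus the mkupdir(2)-style and relabel constraints quoted from Trusted Solaris and Trusted Irix. The labels, clearances, and the /tmp and /home/chad directories are constructed for illustration. It also shows that a single-label directory is just the degenerate range min == max, and that a range is a lattice interval, so a process whose categories the range maximum does not dominate is denied even when its level fits.

```python
"""Model of the MLS directory write rules discussed in this thread.

Added illustration only; it is not code from PitBull, HP CMW, DIGITAL MLS+,
Trusted Solaris, Trusted Irix or the SELinux MLS policy. A sensitivity label
(SL) is a (level, categories) pair ordered by Bell-LaPadula dominance.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet


@dataclass(frozen=True)
class Label:
    level: int
    cats: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # a dominates b when a's level is at least b's and a's categories
        # are a superset of b's (the usual lattice order on SLs)
        return self.level >= other.level and self.cats >= other.cats


@dataclass
class Directory:
    name: str
    lo: Label  # minimum SL of the range
    hi: Label  # maximum SL of the range
    entries: Dict[str, Label] = field(default_factory=dict)  # name -> label

    def __post_init__(self) -> None:
        if not self.hi.dominates(self.lo):
            raise ValueError("range maximum must dominate range minimum")

    @property
    def single_label(self) -> bool:
        # a classic Unix MLS directory is the degenerate range lo == hi
        return self.lo == self.hi


def may_write(proc: Label, d: Directory) -> bool:
    """Write arbitration for a ranged directory (Chad's description).

    The process label must lie within [lo, hi]: it dominates the minimum and
    is dominated by the maximum. For a single-label directory (lo == hi) this
    collapses to Casey's rule: the process must be at exactly the directory's
    label.
    """
    return proc.dominates(d.lo) and d.hi.dominates(proc)


def create_entry(proc: Label, d: Directory, name: str) -> Label:
    """Create a directory entry; the new object gets the label of the process."""
    if not may_write(proc, d):
        raise PermissionError(f"{proc} may not write {d.name} [{d.lo}..{d.hi}]")
    d.entries[name] = proc
    return proc


def may_mkupdir(proc: Label, new: Label, clearance: Label) -> bool:
    """Model of the Trusted Solaris mkupdir(2)-style conditions quoted above:
    the requested label must dominate the process label and the user must be
    cleared for it (constructed model, not the real syscall's full check list)."""
    return new.dominates(proc) and clearance.dominates(new)


def may_relabel_dir(d: Directory, new: Label, clearance: Label) -> bool:
    """Model of the Trusted Irix relabel constraints quoted above, for a
    single-label directory: user cleared for the new label, new label
    dominates the old one, and the directory is empty."""
    return clearance.dominates(new) and new.dominates(d.lo) and not d.entries


if __name__ == "__main__":
    # constructed sample labels: levels 0/2/3, one compartment "NATO"
    UNCL, SECRET, TOPSECRET = Label(0), Label(2), Label(3)
    SECRET_NATO = Label(2, frozenset({"NATO"}))

    tmp = Directory("/tmp", lo=UNCL, hi=TOPSECRET)        # ranged directory
    home = Directory("/home/chad", lo=SECRET, hi=SECRET)  # single-label directory

    for proc in (UNCL, SECRET, TOPSECRET, SECRET_NATO):
        for d in (tmp, home):
            verdict = "allow" if may_write(proc, d) else "deny"
            print(f"{proc} -> {d.name}: {verdict}")
    # SECRET_NATO is denied on /tmp: its level fits, but the range maximum
    # carries no categories and therefore does not dominate it.
    create_entry(SECRET, tmp, "a")
    create_entry(TOPSECRET, tmp, "b")
    print(tmp.entries)  # two entries at different labels in one directory
```

Run it as a script to see the allow/deny matrix; the functions return plain booleans and labels so they can be dropped into a test.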
