Magosanyi Arpad wrote:
> 1. The host which stores the log does have MAC labels
> 2. It does not.
>
> #2 is uninteresting. It can be handled with fac/pri/whatever.
>
> In #1 you want to make the mapping to MAC labels. The mapping should take
> place where the log arrives into the "MAC-aware area". The TCSEC is explicit
> in this respect: you have single level and multilevel channels. The non-MAC ->
> MAC transition can be done in a single-level channel only. The labels of the
> channel should be set by the administrator. In our case the channel is
> identified by the tuple of source IP(/port), dest IP/port, authentication key.
> The labels of each channel should be set by the configuration file of the
> logger daemon.
> Between the MAC-aware loggers you should communicate the labels iff you
> want to build a multilevel channel between them. This leaves you two choices:
> a) design a protocol which can act as a multilevel channel (or use a wrapper
> protocol for that)
> b) use distinct channels for each set of labels
>
> I personally like choice a) better
>
> Note that the above implies that a logger in a MAC-aware environment
> should act as an M (MA, actually) component in respect of the system logs.
Hmm, I supposed I could add wording to that effect.
--
Chris Calabrese
Internet Infrastructure and Security
Merck-Medco Managed Care, L.L.C.
[EMAIL PROTECTED]
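
Added example, not part of the original thread or of any logger's code: a sketch of the single-level channel mapping described in the quoted text, where the receiving daemon takes the label from its own configuration keyed on the channel tuple and authenticates each record with the channel key. The label names, key ids, addresses, the HMAC-SHA256 tag and the omission of the optional source port are all assumptions made for illustration.

```python
import hashlib
import hmac
from typing import NamedTuple, Optional, Tuple


class Channel(NamedTuple):
    """A single-level channel: (source ip, dest ip, dest port, key id)."""
    src_ip: str
    dst_ip: str
    dst_port: int
    key_id: str


# Constructed configuration, as the logger daemon's config file would supply it.
# The administrator assigns exactly one label to each channel.
KEYS = {"k-web": b"constructed-web-key", "k-hr": b"constructed-hr-key"}
CHANNEL_LABELS = {
    Channel("192.0.2.10", "192.0.2.1", 6514, "k-web"): "UNCLASSIFIED",
    Channel("192.0.2.20", "192.0.2.1", 6514, "k-hr"): "CONFIDENTIAL",
}


def sign(key_id: str, payload: bytes) -> str:
    """Sender side: authenticate a record with the channel key."""
    return hmac.new(KEYS[key_id], payload, hashlib.sha256).hexdigest()


def label_record(chan: Channel, payload: bytes, tag: str) -> Optional[Tuple[str, bytes]]:
    """Return (label, payload) for a record entering the MAC-aware area.

    The label comes only from the channel configuration, never from the
    payload, so an unlabelled sender cannot choose its own label.
    Unknown channels and bad authentication tags are dropped (None).
    """
    label = CHANNEL_LABELS.get(chan)
    key = KEYS.get(chan.key_id)
    if label is None or key is None:
        return None  # not a configured channel: fail closed
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None  # wrong key for this channel, or payload altered
    return label, payload
```
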