Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...
|
On Mon, 2005-10-31 at 14:49 -0500, Gene Czarcinski wrote:
> I tried seting a category on a directory in /tmp and then (with touch)
> creating a file under that directory. So far so good.
>
> I then ssh'ed into the system as another user which does not have those
> categories defined in seusers. This user could access the file. This sounds
> like a bug to me.
Looks like the MCS constraints (as defined in policy/mcs) only constrain
access to files, not directories, presently (and this is noted in a
comment in that file, so it seems to be intentional). They do appear to
work correctly for files. Use of categories on directories doesn't seem
to be supported at present under MCS.
> Also, is there a way that a category value can be propogated to all
> files/directories below it?
Hmmm...the current MLS logic inherits from the process'
effective/current/low level rather than from the parent directory.
--
Stephen Smalley
National Security Agency
|
| |
