> --- "Serge E. Hallyn" <serge@hallyn.com> wrote:
>
> > Quoting Casey Schaufler (
casey@schaufler-ca.com):
> > > ...
> > > Good suggestion. In fact, that is exactly how I approached my
> > > first two attempts at the problem. What you get if you take that
> > > route is an imposing infrastructure that has virually nothing
> > > to do and that adds no value to the solution. Programming to the
> > > LSM interface, on the other hand, allowed me to drastically reduce
> > > the size and complexity of the implementation.
> >
> > (tongue-in-cheek)
> >
> > No no, everyone knows you don't build simpler things on top of more
> > complicated ones, you go the other way around. So what he was
> > suggesting was that selinux be re-written on top of smack.
> >
> > :)
>
> I'm not sure how seriously anyone ought to take what I'm about to
> outline. Please feel free to treat it with as much or as little
> reverence as you choose.
>
> How to implement SELinux starting from Smack.
>
> You'll need to break up the current rwxa accesses into a set
> that matches the current SELinux set. Assign each a letter and
> a "MAY_ACTION" #define.
>
> You'll need a mapping for domain transitions, something like:
>
> subject-label program-label new-subject-label
>
> This will require bprm hooks that aren't there now.
>
> Additional hooks will need to be filled out as Smack does not
> add access control to things that aren't objects or actions that
> aren't accesses. Treat these as if they are accesses to objects
> and there shouldn't be too much trouble.
>
> Do something about the linear search for subject/object label pairs.
> With the larger label set searching will become an issue.
>
> Audit integration, too. The networking code will require some work
> for ipsec. The interfaces are pretty clean, Smack isn't using it
> because the CIPSO interface is simpler, not because there's any
> real problem with it.
>
> I wouldn't expect the whole thing to be more than a couple week's
> work for someone who really wanted to do it.
