Using GConf as an Example of How to Create an Userspace Object Manager
James Carter, National Security Agency
It has become apparent that many people want some of the benefits of MLS but in a way that is easier to use than the full MLS implementation.
There are various strategies that can be used to provide security controls over an application under SELinux. One strategy is to turn the program into a userspace object manager. Since the SELinux kernel object managers cannot control objects that are only visible in userspace, creating userspace object managers is a natural part of implementing the flask architecture on Linux. GConf is a configuration system for GNOME and controls configuration keys and values which are not visible to the kernel. This paper discusses the general process of providing SELinux controls over a program and the specific steps taken to provide SELinux controls over GConf.
1 comment:
It's something about Major Leauge Soccer, I think. MLS.
from
miker
Post a Comment