Re: security, permission models

From: Daniel J Walsh <dwalsh redhat com>
To: Ivan Gyurdiev <ivg2 cornell edu>
Cc: Christian Neumair <chris gnome-de org>, nautilus-list gnome org, Alexander Larsson <alexl redhat com>
Subject: Re: security, permission models
Date: Mon, 06 Mar 2006 11:41:28 -0500

We are just beginning to work with labeled documents which is reallywhat MCS is. A couple of use cases would be to label a fileas CompanyConfidential and then make the mailer systems smart enough toonly mail CompanyConfidential files to internal mail addresses/list.IE Prevent accidental leakage of confidential material.Similarly MLS requires labeled printing. This feature is being added tocups to allow the printing of Headers and Footers withCompanyConfidential or PatientRecord. As an added feature, the printerswill be labeled. Use case would be someone printing aPatientRecord and the default printer was at receptionist desk, theprint job would not be allowed, but if they chose the Lab Printerit would work.Finally for your last example of labeling a document Family. We wouldlike to eventually add some SELinux/Labeled Document awarenessto applications like Apache, Samba even ftp, so you could start to lookat the labeled Network of the connecting process, and then allow accessbased on the access capabilities of the connecting process.Admittedly this is away off, but the we have the building blocks inplace with SELinux Labels to do this now.

Dan

References:
- Re: Nautilus integration with SELinux
  - From: Alexander Larsson
- Re: Nautilus integration with SELinux
  - From: Ivan Gyurdiev
- Re: Nautilus integration with SELinux
  - From: Ivan Gyurdiev
- Re: Nautilus integration with SELinux
  - From: Christian Neumair
- Re: Nautilus integration with SELinux
  - From: Ivan Gyurdiev
- security, permission models (was: Re: Nautilus integration with SELinux)
  - From: Christian Neumair
- Re: security, permission models
  - From: Ivan Gyurdiev

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]