[DSE-Dev] UBAC

Russell Coker russell at coker.com.au
Mon Jun 25 06:49:21 UTC 2012


For a while the Fedora people have had a thing called UBAC in their SE Linux 
policy.

UBAC basically means that if two users have a different SE Linux identity 
(managed by the "semanage login" command) then they can't share files, mess 
with each other's processes, etc.

As the role-based access control is now so broken as to be unusable (I 
recently fixed the policy so that you can now log in to a KDE session as 
staff_r but it's not going to be useful for doing work) it seems that we need 
to consider other options.

So I'm thinking of enabling UBAC now.  So we will have MMCS and UBAC as the 
methods for protecting users from each other.  MMCS will allow communication 
in some ways as a user whose range dominates that of another user can launch a 
shell with a subset of the range.  But UBAC won't; any user whose identity 
isn't unconfined_u will be restricted.  I think I'll make the default identity 
be user_u so that non-root users will be prevented from accessing root-created 
files unless they have a type such as etc_t or similar.

What do you think?

I know it's late.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/
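
The two checks compared in the message above, as a simplified model added here for illustration; it is not part of the original post and is not SELinux policy code. The set of UBAC-constrained types, the exemption for unconfined_u as a source identity, and all helper names are assumptions made for the example.

```python
# Simplified model of UBAC (identity match) and MCS (category dominance).
# Assumption: the type names and exemption sets below are constructed samples.
from typing import FrozenSet, NamedTuple


class Context(NamedTuple):
    user: str              # SELinux identity, e.g. user_u
    setype: str            # SELinux type, e.g. user_home_t
    cats: FrozenSet[str]   # MCS categories, e.g. {"c1", "c2"}


# Assumption: types that carry the UBAC-constrained attribute in this toy policy.
UBAC_CONSTRAINED = frozenset({"user_t", "staff_t", "user_home_t", "user_tmp_t"})
# Assumption: source identities UBAC does not restrict (per the message, unconfined_u).
UBAC_EXEMPT_SOURCES = frozenset({"system_u", "unconfined_u"})


def ubac_allows(src: Context, tgt: Context) -> bool:
    """Identity check: a mismatch only matters when both types are constrained."""
    if src.user == tgt.user:
        return True
    if src.user in UBAC_EXEMPT_SOURCES or tgt.user == "system_u":
        return True
    return not (src.setype in UBAC_CONSTRAINED and tgt.setype in UBAC_CONSTRAINED)


def mcs_allows(src: Context, tgt: Context) -> bool:
    """Category check: the source's categories must dominate the target's."""
    return src.cats >= tgt.cats


def access_allowed(src: Context, tgt: Context) -> bool:
    """Both constraints must pass; either one alone can deny."""
    return ubac_allows(src, tgt) and mcs_allows(src, tgt)


def ctx(user: str, setype: str, *cats: str) -> Context:
    return Context(user, setype, frozenset(cats))


if __name__ == "__main__":
    staff = ctx("staff_u", "staff_t", "c0", "c1", "c2", "c3")
    user_file = ctx("user_u", "user_home_t", "c1")
    # MCS alone would permit this (staff's range dominates); UBAC denies it.
    print("mcs:", mcs_allows(staff, user_file), "ubac:", ubac_allows(staff, user_file))
```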


