Re: [tcf-dev] Mandatory Access Control support in TCF

Hi Dominig,

Security, like SELinux, is implemented in the kernel and, normally, does not require any cooperation from user space software, like TCF. Could you explain why exactly the TCF agent would want to be aware of Mandatory Access Control?

Thanks,
Eugene


-----Original Message-----
From: tcf-dev-bounces@xxxxxxxxxxx [mailto:tcf-dev-bounces@xxxxxxxxxxx] On Behalf Of Dominig ar Foll (Intel OTC)
Sent: Thursday, January 21, 2016 9:49 AM
To: tcf-dev@xxxxxxxxxxx
Subject: [tcf-dev] Mandatory Access Control support in TCF

Hello,

I am a newcomer on this list and I am looking for the best solution to
add the support of some common security mechanisms to TCF.
I am hoping to get some advice from people who know that code well and
might have ideas on what would be the best implementation model.

I would like to start with a Mandatory Access Control such as SE Linux or
Smack, then I would like to look at an Integrity enforcement such as
IMA and container support.

The support of those types of security facilities will require extending
some services, in particular the 'File System Service' and the 'Run
Control Service', to support the additional file extended attributes used
by MAC and the increased complexity of attaching ptrace to a service
running in a bespoke security context.

Obviously, we do not want to create patches but rather an extension
which can be configured to support various models of MAC (at least Smack
and SE Linux to start with).

Thanks in advance for your help.

--
Dominig ar Foll
Senior Software Architect
Open Source Technology Centre
Intel SSG
