From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 07 Jan 2009 10:25:13 -0500
Subject: [refpolicy] [RFC] drop nodecons
Message-ID: <1231341913.27022.20.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Some time ago we dropped the netifcons (and related types) from
refpolicy, since all networking domains had access to all interfaces.
This made it difficult for users to label an interface with a new type
and have only their custom domain be allowed access to that interface.
So we dropped the netifcons and changed the policy for networking
domains to use "generic" netif_t interfaces.

I believe we should also do this with the nodecons.  The main issue is
with MLS policy users.  Some of the current nodecons specify system low,
but the default sensitivity (initial sid) for a node is system
low-system high.  If we remove these system low nodecons, then they
would revert to system low-system high.  If we use the full
network_node() macros only in the MLS policy, the MLS policy will be
broken since domains will only be allowed generic node access (node_t).
We could use raw netifcons and label the nodes in question as node_t at
system low, but this could cause problems if the user also wants to
change the type of the node.  Thoughts?

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150