From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 07 Jan 2009 10:25:13 -0500
Subject: [refpolicy] [RFC] drop nodecons
Message-ID: <1231341913.27022.20.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Some time ago we dropped the netifcons (and related types) from refpolicy, since all networking domains had access to all interfaces. This made it difficult for users to label an interface with a new type and have only their custom domain be allowed access to that interface. So we dropped the netifcons and changed the policy for networking domains to use "generic" netif_t interfaces.

I believe we should also do this with the nodecons. The main issue is with MLS policy users. Some of the current nodecons specify system low, but the default sensitivity (initial sid) for a node is system low-system high. If we remove these system low nodecons, then they would revert to system low-system high.

If we use the full network_node() macros only in the MLS policy, the MLS policy will be broken since domains will only be allowed generic node access (node_t). We could use raw nodecons and label the nodes in question as node_t at system low, but this could cause problems if the user also wants to change the type of the node.

Thoughts?

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
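Added illustration, not part of the message above and not taken from refpolicy's own source files, of the kernel policy language the discussion refers to: the initial SID context a node falls back to when no nodecon matches, a nodecon that pins a node to system low, and the "raw nodecon with node_t at system low" alternative. The address, the node type name and the high sensitivity level are constructed placeholders.

```text
# Constructed example in kernel policy (policy.conf) syntax; values are
# placeholders, not refpolicy's actual nodecons.

# Initial SID for nodes. Any node without a matching nodecon is labeled
# with this context: generic node_t at system low-system high.
sid node system_u:object_r:node_t:s0 - s15:c0.c1023

# A type-specific nodecon at system low only. Dropping this line makes
# the node fall back to the initial SID above, widening its MLS range.
nodecon 127.0.0.1 255.255.255.255 system_u:object_r:lo_node_t:s0

# The alternative discussed in the message: keep a raw nodecon with the
# generic node_t type but restrict the range to system low. A user who
# later wants a custom type for this node must override this line too.
nodecon 127.0.0.1 255.255.255.255 system_u:object_r:node_t:s0
```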