From: dominick.grift@gmail.com (Dominick Grift)
Date: Tue, 29 Oct 2013 22:53:21 +0100
Subject: [refpolicy] SELinux Configuration
In-Reply-To: <001801ced4e9$30d13ad0$9273b070$@com>
References: <001801ced4e9$30d13ad0$9273b070$@com>
Message-ID: <1383083601.2980.31.camel@d30>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, 2013-10-29 at 16:55 -0400, Gary Cliff wrote:

> Q1: Is 'mls' included in 'targeted'?
>

Strictly put: no..., but. This is kind of confusing, but in the config file mls is referring to the mls policy model, which is a different policy model than the targeted policy model. So from that perspective, no, mls is not included with targeted.

However, mls is also a security model, and in that case mls can be made to be included with the targeted policy model, usually in the form of mcs. Yes, that is confusing indeed. There is just a difference between policy models and security models.

mls as a security model adds a security attribute (the security level security attribute, e.g. a fourth field to a SELinux security context), and that security attribute can be used to enforce confidentiality with compartmentalization (full MLS), or just only compartmentalization (the mls security attribute used only to add compartmentalization: MCS).

Fedora, for example, ships its targeted policy model with the mls security model enabled in mcs mode (which adds additional compartmentalization capabilities).

>
> Q2: Is only MLS protected in 'mls'?
>

Not strictly, but generally yes (in the context of your question, yes, probably). In theory there is nothing stopping you from enforcing confidentiality with compartmentalization in a targeted policy, but it is not supported, as it does not really make sense.

So, recap: in the config file, mls is referring to the mls policy model, and targeted is referring to the targeted policy model. The mls policy model is by design not "targeted" but "strict", although you could implement the mls properties into a targeted policy (just add an unconfined domain to the mls policy model, and then you have a "targeted mls" policy model... I guess; it's not supported, but possible, I think).

The targeted policy model can be built to support limited mls capabilities (this IS supported); it's called MCS, which is the MLS security model without the capabilities to enforce confidentiality, e.g. it only allows for additional compartmentalization capability using the MLS security attributes. Fedora/RHEL have targeted policy with mcs enabled by default, but no one has targeted policy with full mls enabled.

It is kind of unfortunate that people decided to call the policy model that uses full MLS "the mls policy model", the more so because from a security model perspective mls is referred to as a model to enforce confidentiality with compartmentalization (full mls), as well as only compartmentalization (mcs, aka semi mls).

I hope that this cleared things up a bit for you... but I will not blame you if it did not, because it's just confusing. Maybe someone else can explain it in simpler terms, and still give a comprehensive answer.
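The reply above distinguishes the policy model named by SELINUXTYPE in /etc/selinux/config (targeted vs. mls) from the MLS security attribute that shows up as a fourth field of a security context, and notes that Fedora/RHEL targeted policy carries that field in MCS mode. The POSIX shell snippet below is an added example, not code from the thread or from refpolicy: it extracts SELINUXTYPE from config text, splits a context into its level field, and classifies the level. The sample contexts are constructed, and the classification rule (both sensitivities s0 means MCS-style, anything else means a full MLS policy) is my own rule of thumb based on MCS keeping every subject at sensitivity s0, not something the thread states.

```shell
#!/bin/sh
# Added example (not from the refpolicy thread). Distinguishes the policy
# model selected in /etc/selinux/config from the MLS/MCS level attribute
# carried in a security context.

# Print the last SELINUXTYPE value in config text read from stdin
# (comment lines and surrounding whitespace are ignored).
selinux_policy_type() {
    sed -n 's/^[[:space:]]*SELINUXTYPE[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' \
        | tail -n 1
}

# Given user:role:type[:level], print the level (fourth) field, or "-" when
# the context has only three fields, i.e. the policy was built without the
# MLS security attribute. The level itself may contain ':' (s0-s0:c0.c1023),
# so we strip the first three fields instead of using cut -f4.
context_level() {
    rest=${1#*:}          # drop user
    rest=${rest#*:}       # drop role
    case $rest in
        *:*) printf '%s\n' "${rest#*:}" ;;   # type:level -> level
        *)   printf '%s\n' '-' ;;            # no level field at all
    esac
}

# Rule of thumb (assumption, not from the thread): MCS keeps every subject at
# sensitivity s0 and only varies categories, so a low and high sensitivity of
# s0 is "mcs"; any other sensitivity means a full MLS policy, "mls".
level_kind() {
    lvl=$1
    [ "$lvl" = '-' ] && { printf 'none\n'; return 0; }
    low=${lvl%%-*}        # "s0" or "s0:c0.c1023"
    high=${lvl#*-}        # equals $lvl when there is no range
    low_s=${low%%:*}
    high_s=${high%%:*}
    if [ "$low_s" = s0 ] && [ "$high_s" = s0 ]; then
        printf 'mcs\n'
    else
        printf 'mls\n'
    fi
}

# Constructed sample contexts (not captured from a real host):
SAMPLE_TARGETED_MCS='unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023'
SAMPLE_MLS='staff_u:staff_r:staff_t:s2-s15:c0.c1023'
SAMPLE_NO_LEVEL='system_u:object_r:etc_t'

for ctx in "$SAMPLE_TARGETED_MCS" "$SAMPLE_MLS" "$SAMPLE_NO_LEVEL"; do
    lvl=$(context_level "$ctx")
    printf '%-55s level=%-16s kind=%s\n' "$ctx" "$lvl" "$(level_kind "$lvl")"
done

# On a real SELinux host, also report the configured policy model and the
# caller's own context; both checks are skipped silently elsewhere.
if [ -r /etc/selinux/config ]; then
    printf 'SELINUXTYPE (policy model): %s\n' \
        "$(selinux_policy_type < /etc/selinux/config)"
fi
if ctx=$(id -Z 2>/dev/null); then
    lvl=$(context_level "$ctx")
    printf 'current context: %s\nlevel: %s (%s)\n' "$ctx" "$lvl" "$(level_kind "$lvl")"
fi
```

On a live system, `sestatus` reports the same two facts separately as "Loaded policy name" and "Policy MLS status"; a host can show policy name targeted together with MLS status enabled, which is exactly the targeted-plus-MCS combination the reply describes.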