[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Selinux bash prompt decorations

From: Steve Grubb
Subject: Re: Selinux bash prompt decorations
Date: Sat, 6 May 2006 19:53:39 -0400
User-agent: KMail/1.7.2

On Saturday 06 May 2006 19:23, Linda Walsh wrote:
> IMO, common core utilities shouldn't be linking with specialized
> libraries.

We already have many common core utilities linking with security libraries. 
This is how you make life easier for the end user.

> Alternatively, maybe there should be a applications-security-module
> API to abstract calls to a specific security policy. 

This was my goal. I was wondering if we could create a set of prompt tokens 
that could be used by ANY operating system. For example, there are a couple 
of OS that supports RBAC. So, regardless of the native implementation, they 
would have a similar need.

> It seems poor practice to tie a specialized security policy into the general
> versions of all application utilities, but I suppose this would
> require much planning, cooperation and foresight. 

(Before anyone gets upset, none of this is directed at the bash people, its 
just a theoretical discussion.)

Its not poor practice to make something usable for people. There is a large SE 
Linux community that we work with. Admittedly, it is mostly used on Linux, 
but it is being ported to FreeBSD. Adding decorations for a system admin to 
label the windows with is something any secure OS might aspire to. If, for 
example, there is a "role" in AppArmor, you might want a role on the prompt.

For the moment, we are going the route of doing this via `id -Z`. But I 
thought there was a common problem across secure distributions that we could 
create a standard for. TSOL could link to its libraries, RHEL could link to 
libselinux, etc. I suppose this is the planning, cooperation, and foresight 
you spoke of.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]