[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Selinux bash prompt decorations
|
From: |
Steve Grubb |
|
Subject: |
Re: Selinux bash prompt decorations |
|
Date: |
Sat, 6 May 2006 19:53:39 -0400 |
|
User-agent: |
KMail/1.7.2 |
On Saturday 06 May 2006 19:23, Linda Walsh wrote:
> IMO, common core utilities shouldn't be linking with specialized
> libraries.
We already have many common core utilities linking with security libraries.
This is how you make life easier for the end user.
> Alternatively, maybe there should be a applications-security-module
> API to abstract calls to a specific security policy.
This was my goal. I was wondering if we could create a set of prompt tokens
that could be used by ANY operating system. For example, there are a couple
of OS that supports RBAC. So, regardless of the native implementation, they
would have a similar need.
> It seems poor practice to tie a specialized security policy into the general
> versions of all application utilities, but I suppose this would
> require much planning, cooperation and foresight.
(Before anyone gets upset, none of this is directed at the bash people, its
just a theoretical discussion.)
Its not poor practice to make something usable for people. There is a large SE
Linux community that we work with. Admittedly, it is mostly used on Linux,
but it is being ported to FreeBSD. Adding decorations for a system admin to
label the windows with is something any secure OS might aspire to. If, for
example, there is a "role" in AppArmor, you might want a role on the prompt.
For the moment, we are going the route of doing this via `id -Z`. But I
thought there was a common problem across secure distributions that we could
create a standard for. TSOL could link to its libraries, RHEL could link to
libselinux, etc. I suppose this is the planning, cooperation, and foresight
you spoke of.
-Steve