mandatory-access-control – Page 3

SMACK LSM Module behaves strangely

Posted on July 15, 2017 by Satya

I want the following:

I want to use openssl to change the keys. So, I created the directory “/etc/keys” which I labelled “keys“. I created a file “key” with same access “keys” and another key file “forbiddenkey” with access “forbidden” under the directory “etc/keys“.
I made the openssl command execute as “secure“.
I made the following rules
secure keys rw
secure forbidden –
I tested the rules as shown in the figure below and they seem to work.

But when I tried to actually run the command it didn’t work even though the WRITE access is allowed to /etc/keys and /etc/keys/key

openssl rand 32 > /etc/keys/key

The error message is as follows

-bash: /etc/keys/key: Permission denied

The audit message is as follows

VirtualBox kernel: [ 1274.037659] audit: type=1400 audit(1500117397.021:8): lsm=SMACK fn=smack_inode_getattr action=denied subject=”_” object=”keys” requested=r pid=2574 comm=”pool” path=”/etc/keys” dev=”sda1″ ino=3932692

It’s strange that I ran openssl with execute “secure” as subject but I get in audit as “floor(_)”. Can anyone identify the mistake?

Greets,
Satya

Continue reading SMACK LSM Module behaves strangely→

Isn’t RBAC just an implementation of MAC?

Posted on January 29, 2017 by Nu Nunu

So I’ve been reading up on MAC vs DAC vs RBAC and there is something which I do not understand. Everywhere you read, it tells you that these types are different (disjoint) but isn’t RBAC just a type (implementation) of MAC?

… Continue reading Isn’t RBAC just an implementation of MAC?→

linux kernel security module smack transmutation example

Posted on November 6, 2016 by minghua

In the kernel documentation for smack security module it reads: “If a directory is marked as transmuting (SMACK64TRANSMUTE=TRUE) and the access rule that allows a process to create an object in that directory includes ‘t’ access the label … Continue reading linux kernel security module smack transmutation example→

linux kernel security module smack transmutation example

Posted on November 6, 2016 by minghua

In the kernel documentation for smack security module it reads: “If a directory is marked as transmuting (SMACK64TRANSMUTE=TRUE) and the access rule that allows a process to create an object in that directory includes ‘t’ acc… Continue reading linux kernel security module smack transmutation example→

Apparmor system-wide security — white-listing

Posted on September 17, 2013 by securecurve

I want to only white-list applications that can run on my system using Apparmor, I know it is used to confine applications/programs based on their path names, but what I need is to contain those applications to run in confine… Continue reading Apparmor system-wide security — white-listing→

Bell-LaPadula imlementation example

Posted on November 5, 2011 by user1019710

I’m currently studying the Bell-LaPadula model and i need to do an implementation as an example.

I understand how the model works, but I have difficulties implementing it in a programming language (for example Java). I cons… Continue reading Bell-LaPadula imlementation example→