next up previous contents
Next: Constraints configuration Up: Policy Configuration Language Previous: MLS configuration   Contents

User configuration

Figure: User declarations.
\begin{figure}\begin{center}
\begin{footnotesize}
\begin{verbatim}user system_...
...er_r
ranges { u s-ts };\end{verbatim}\end{footnotesize}\end{center}\end{figure}

The users file, or the users.mls file if the MLS policy is enabled, contains one or more declarations for users, as shown in Figure 10. Each user has a corresponding set of allowed roles that may be associated with that user. This limits the set of roles that may be entered by a process with that user identity. If the MLS policy is enabled, then each user also has a corresponding set of allowed MLS ranges that may be associated with the user. This limits the set of MLS ranges that may be entered by the user and the set of MLS ranges that may be used for objects owned by the user. Any MLS range that is a subset of one of the specified MLS ranges is allowed.

The current policy configuration language does not support specification of user transition rules. It is expected that the user identity of a process will only change through user authentication programs that explicitly specify the new identity. By default, the user identity of a process does not change across an execve, and the user owner of a file is inherited from the creating process. Controls over explicit user identity transitions based on the type of the process may be specified through the constraints file, as discussed in Section 3.4.5.

The current policy configuration language also does not support specification of user member rules for polyinstantiated objects. The user owner of the member is currently always inherited from the polyinstantiated object. Hence, separate members are not created for different users of processes that access the object.


next up previous contents
Next: Constraints configuration Up: Policy Configuration Language Previous: MLS configuration   Contents