next up previous contents
Next: API extensions Up: Design Previous: Control Requirements   Contents

Persistent Labeling

Since file systems, files, and directories are persistent objects, an approach for providing persistent labels for these objects was developed. To ensure that the security attributes of these objects are preserved even if the file system is moved to another system, the Linux file system component must maintain a table within each file system that specifies the security context of the file system and each file and directory within that file system. This approach also ensures that the security attributes are preserved over time, even if the policy changes, and that the security attributes can be interpreted by a user if a manual translation of attributes for a new policy is required.

The Linux file system component can handle security contexts without sacrificing policy flexibility or performance by treating security contexts as opaque strings and by mapping them to SIDs, through a query to the security server, for internal use by the file system component. For efficient storage, the file system component may assign a fixed-size value, referred to as a persistent SID (PSID), to each security context associated with an object in the file system, and may then partition the persistent labeling table into two mappings: one from each PSID to its security context, and one from each object to its PSID. The PSID is purely an internal abstraction within the file system and has a distinct name space for each file system. Hence, PSIDs may be lightweight, and the allocation of PSIDs may be optimized for each file system.
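The following is an added, in-memory model of the partitioned persistent labeling table described above; it is not code from the SELinux or Flask implementation. The class and function names (`PersistentLabelTable`, `SecurityServerStub`, `demo`), the use of inode numbers as object identifiers, the JSON serialization, and the example security context strings are all this example's own assumptions. It shows why the partition matters: the same context is stored once and shared through one PSID, moving the serialized table to another system preserves every label as an opaque string, SIDs are obtained by query rather than stored, and a manual translation for a new policy touches only the PSID-to-context mapping while every object keeps its PSID.

```python
import json


class SecurityServerStub:
    """Constructed stand-in for the security server's context -> SID query.
    SIDs are per-boot handles, so each instance starts with a fresh SID space."""

    def __init__(self):
        self._sids = {}

    def context_to_sid(self, context):
        return self._sids.setdefault(context, 1000 + len(self._sids))


class PersistentLabelTable:
    """One table per file system, partitioned into a PSID -> context mapping
    and an object (inode number, assumed here) -> PSID mapping."""

    UNLABELED_PSID = 0  # this example reserves PSID 0 for unlabeled objects

    def __init__(self, fs_context):
        self.fs_context = fs_context  # security context of the file system itself
        self.psid_to_context = {}     # PSID -> opaque security context string
        self.context_to_psid = {}     # reverse index used only for allocation
        self.object_to_psid = {}      # inode number -> PSID
        self._next_psid = 1

    def psid_for_context(self, context):
        """Return the PSID for a context, allocating one on first use.
        PSIDs are small dense integers whose name space is local to this table."""
        psid = self.context_to_psid.get(context)
        if psid is None:
            psid = self._next_psid
            self._next_psid += 1
            self.psid_to_context[psid] = context
            self.context_to_psid[context] = psid
        return psid

    def set_label(self, inode, context):
        self.object_to_psid[inode] = self.psid_for_context(context)

    def context_of(self, inode):
        """Persistent label of an object; unlabeled objects yield None."""
        psid = self.object_to_psid.get(inode, self.UNLABELED_PSID)
        return self.psid_to_context.get(psid)

    def sid_of(self, inode, server):
        """Internal SID for an object: PSID -> context -> SID via the security
        server. Only the context string persists; the SID is never stored."""
        return server.context_to_sid(self.context_of(inode))

    def translate(self, context_map):
        """Manual translation for a new policy: rewrite context strings in the
        PSID table only. Objects keep their PSIDs, so no per-object update is
        needed, and contexts with no mapping stay readable as strings."""
        self.psid_to_context = {p: context_map.get(c, c)
                                for p, c in self.psid_to_context.items()}
        self.context_to_psid = {}
        for p, c in self.psid_to_context.items():
            self.context_to_psid.setdefault(c, p)

    def to_bytes(self):
        """Serialize for storage inside the file system (JSON is an assumption
        of this example; the design text does not fix an on-disk format)."""
        return json.dumps({"fs_context": self.fs_context,
                           "psid_to_context": self.psid_to_context,
                           "object_to_psid": self.object_to_psid}).encode()

    @classmethod
    def from_bytes(cls, data):
        raw = json.loads(data.decode())
        table = cls(raw["fs_context"])
        table.psid_to_context = {int(p): c for p, c in raw["psid_to_context"].items()}
        table.object_to_psid = {int(i): int(p) for i, p in raw["object_to_psid"].items()}
        for p, c in table.psid_to_context.items():
            table.context_to_psid.setdefault(c, p)
        table._next_psid = max(table.psid_to_context, default=0) + 1
        return table


def demo():
    """Label constructed inodes, move the table to a second system with a
    fresh security server, then translate the labels for a new policy."""
    fs = PersistentLabelTable("system_u:object_r:fs_t")
    fs.set_label(12, "system_u:object_r:etc_t")
    fs.set_label(13, "system_u:object_r:etc_t")     # shares a PSID with inode 12
    fs.set_label(14, "system_u:object_r:shadow_t")

    moved = PersistentLabelTable.from_bytes(fs.to_bytes())   # "other system"
    sid = moved.sid_of(14, SecurityServerStub())             # queried, not stored
    moved.translate({"system_u:object_r:etc_t": "system_u:object_r:config_t"})
    return {
        "shared_psid": fs.object_to_psid[12] == fs.object_to_psid[13],
        "context_preserved": moved.context_of(14) == "system_u:object_r:shadow_t",
        "sid": sid,
        "translated": moved.context_of(13),
        "psid_unchanged": moved.object_to_psid[13] == fs.object_to_psid[13],
    }
```

`demo()` returns a small dictionary of checks rather than printing, so the behaviour can be asserted directly. Note that the reverse index `context_to_psid` is rebuilt from the PSID table on load and after translation; it is an allocation convenience and not part of what must persist.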

