Date: Thu, 24 Oct 2002 15:44:24 -0400 From: "Brian F. Feldman" <green@FreeBSD.org> To: Robert Watson <rwatson@FreeBSD.org> Cc: Perforce Change Reviews <perforce@FreeBSD.org> Subject: Re: PERFORCE change 20064 for review Message-ID: <200210241944.g9OJiOMU023924@green.bikeshed.org> In-Reply-To: Your message of "Thu, 24 Oct 2002 15:17:28 EDT." <Pine.NEB.3.96L.1021024151536.33116B-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Robert Watson <rwatson@FreeBSD.org> wrote:
> Note that this is arguably incorrect for all policies but LOMAC, since
> "fail stop" is the desired behavior for Biba, MLS, SELinux, and others.
> This is why I changed the default for cow to off. We should look into a
> way to provide both what LOMAC and the other policies need, perhaps by
> having two entry points: one for the purpose of downgrading with COW, one
> without. In particular, pay attention to cases like:
>
> LOMAC wants to downgrade write to read-only
> Biba wants to remove write entirely
>
> The desired composition in this case is probably the Biba result.
Well, note that nothing at all was enforced previously, and only LOMAC is
capable of requesting downgrade at the moment, so this is effectively a
LOMAC option, but in the wrong place :) I think the simple solution would
be adding an int *dontCOW argument, and in policies which would like to
revoke without COW something like:
if (shouldrevoke(subj, obj)) {
*perms &= ~VM_OBJECT_READ;
if (I_should_not_COW)
++*dontCOW;
}
--
Brian Fundakowski Feldman \'[ FreeBSD ]''''''''''\
<> green@FreeBSD.org <> bfeldman@tislabs.com \ The Power to Serve! \
Opinions expressed are my own. \,,,,,,,,,,,,,,,,,,,,,,\
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200210241944.g9OJiOMU023924>