I am looking to use SELinux to secure a process that is made up of a
number of discrete, sequential stages. One stage communicates to the
next by writing results to a file and then an external process modifies
the SELinux context of the file to allow the next stage to read the file
and so on until the final stage is reached and the processing stops.
The problem I have is that the number of stages is variable and can
change with each invocation of the process, i.e. when I create the
process I know the number of stages that will be required in it, but the
number of stages could change with each invocation. I think therefore,
that I need a means of creating new contexts on the fly and assigning
them to the processes. Is it possible with SELinux to create a new
security context (domain for the output file, and user/role for the
stage process) on the fly and execute a process within that context such
that it could poll a directory for input files and, if it is permitted
to read the file perform its operation?
This email and any attachments to it may be confidential and are
intended solely for the use of the individual to whom it is addressed.
If you are not the intended recipient of this email, you must neither
take any action based upon its contents, nor copy or show it to anyone.
Please contact the sender if you believe you have received this email in
error. QinetiQ may monitor email traffic data and also the content of
email for the purposes of security. QinetiQ Limited (Registered in
England & Wales: Company Number: 3796233) Registered office: Cody Technology
Park, Ively Road, Farnborough, Hampshire, GU14 0LX http://www.qinetiq.com.
selinux mailing list