How to implement and configure MLS (BLP model) in SELinux?
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
How to implement and configure MLS (BLP model) in SELinux?
I'm currently studying about bell-lapadula model for my research and I need to implementation it as a simple example. I want to implement a simple BLP model using SELinux on my virtual machine Centos. In my research, I have 4 user, which represent four levels of security (Top Secret, Secret, Unclassified, Public) and each user has their own folder. I just want to know how to enable MLS in SELinux, set the BLP rules in SELinux?
Before, I use this reference https://access.redhat.com/documentat...n-selinux.html. But in the last step, I always failed to access root, maybe you can help me.. or you have a specific reference to me learn it? Just a simple example maybe? Thx
Not certain of this... But I don't think a pure BLP even has a root. The two systems I had access to (both were the old Cray Y systems) with a BLP foundation had extensions to allow for a root.
I'm not sure the BLP implemented is actually usable. There are a LOT of difficult areas, and I'm not certain they have been addressed. I don't believe anyone actually uses it.
1. X can't be used (not BLP aware)
2. without IPsec, network connections can't be labelled either.
3. Administration must (in a pure environment) be done before the system is booted - which means all configurations have to be set with SELinux disabled (or in permissive mode).
I think it was created more to show that the SELinux model(flask) could be used to define a BLP operation, thus showing the flask foundation was more powerful.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.