| (To summarize the exchange below):
In V4.0A it is available as a "single-level" type file system.
IOW, AdvFS does have to be modified to make it multi-level, etc., and
that has not yet been done (funded/scheduled); but that doesn't
preclude its use.
-----
From: KAMLIA::king "David King USG" 14-FEB-1997 09:21:51.35
To: bat@dec:.zko.smurf (Segui la tua beatitudine)
CC: milicia@DEC:.zko.kamlia (Michael A. Milicia USG)
Subj: Re: Notefile DEC_MLS_PLUS Note 450.0
re: .0
Its not missing. Its just doesn't provide per-file security attributes,
and a command set that supports role separation.
> let me get this straight -- you mean you can create
> "single-level" (or unlabelled) AdvFs file systems?
> (just as you can do with vanilla UFS ones?)
Yes, starting in V4.0A.
DavE
|
| From: KAMLIA::milicia "Michael A. Milicia USG" 14-FEB-1997 09:42:46.01
To: king@DEC:.zko.kamlia
CC: bat@dec:.zko.smurf
Subj: Re: Notefile DEC_MLS_PLUS Note 450.0
In other words, it is supported in MLS+ V4.0A as a
single-level filesystem.
Security attributes must be specified
during mount and those attributes will be implicitly
associated with every object on the filesystem for the
duration of the mount.
As Dave also points out, you must be root (uid 0) to properly
administer AdvFS in MLS+ V4.0A.
Giving a user a set of command auths will not be sufficient.
Adding full multi-level security support to AdvFS
would indeed require significant engineering changes to the
filesystem code.
-- Mike
|
| From: David King USG <king>
Subject: AdvFS
To: thomson (Barbara Thomson UEG Engineering)
Date: Fri, 14 Feb 1997 10:10:52 -0500 (EST)
One thing that may also be worth noting is that the AdvFS GUI
is not supported. It requires CDE, therefore will not
even install.
DavE
|