Skip to content

Selinux MCS generate a single category context and may be accessed by another machine

Goal

A machine(image file) with context like system_u:system_r:svirt_tcg_t:s0:c423 can be accessed by a machine with context like system_u:system_r:svirt_tcg_t:s0:c423,c792. This should be avoided.

Technical details

In src/security/security_selinux.c, virSecuritySELinuxMCSFind(), We can see that the program randomly gets two numbers. But if c1 == c2, the program will generate a single category context like s0:cXXX,

if (c1 == c2) {
            mcs = g_strdup_printf("%s:c%d", sens, catMin + c1);
        }

But if we have got machine with context like "s0:cXXX,cYYY" ,It will be able to read the image of machine with "s0:cXXX". This should be avoided.

Additional information

if (c1 == c2) {
            VIR_FREE(mcs);
            continue;
        }
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information