When MLS is active, CA Top Secret assigns the security label of the process, if one exists, to the IPC security packet (ISP) at the time the ISP is created. Then, processes can only communicate with each other if their seclabels are equivalent.
Important! Once a security label has been assigned to an IPC object, it can never be changed.
If the MLS option to require security labels for UNIX IPC objects has been activated (MLIPCOBJ(YES)), all UNIX IPC objects must have security labels; otherwise, all accesses to these objects will be denied by CA Top Secret.
|
Copyright © 2010 CA Technologies.
All rights reserved.
|
|