Control Resources are shared resources that have no physical manifestation and are attached to the domain that manages them. Control resources include many IPC mechanisms, such as POSIX message queues, which are labeled with their creator’s type upon instantiation. Similarly, files in /proc are automatically labeled with the type of the process they represent. Although not a distinct resource themselves, a signal can be thought of as a resource labeled with the sender’s type.
Because these IPC mechanisms get the same label as the domain that manages them, it is impossible to have a private instance of a control resource if that control resource also needs to be accessible to external domains. Both the public and private instances would have the same label, and would therefore be equivalent in the resulting policy. For example, suppose there are two domains, domain A and domain B. Domain A is permitted to access one of domain B’s message queues. This access must persist across all of the domain B's message queues since they all must have the same type.
©2005 - 2008 Tresys Technology, LLC
Patent Pending