Section 10.4. System V IPC


The System V interprocess communication (IPC) objects are, with the exception of the msg objects, labeled with the security context of the creating process. For example, if a process with the security context user_u:object_r:user_xserver_t creates a shared memory segment, the associated shm object would have the same security context, user_u:object_r:user_xserver_t. This labeling behavior is the same for the shm, sem, and msgq object classes.

The msg objects are labeled using type_transition rules (see Chapter 5). The rule is keyed on the type of the sending process and the type of the message queue. For example, the type of the messages sent on a given message queue could be specified with a type_transition rule such as the following:

type_transition user_t user_xserver_t : msg user_msg_t;


This type_transition rule states that when processes with the type user_t send messages on a message queue of type user_xserver_t, the message type should be user_msg_t. Unlike other type_transition rules previously discussed, no provision exists for a process to explicitly request the type of the message and override the rule. If there is no matching type_transition rule, the message receives the same type as the sending process.

Regardless of whether the message receives the type through inheritance or a type_transition rule, the process must have permission to send messages of that type. For example, the following allow rule would be required for the example type_transition rule above:

allow user_t user_msg_t : msg send;


This allow rule states that processes of type user_t are allowed to send messages of type user_msg_t. Notice that there is no access needed to label the message, only the ability to send the message. There is no provision for creating messages without sending. These conditions are all based on the implementation of System V messages and message queues.
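As an added illustration (not code from the book), the following Python script models the two decisions described above: which type a message receives when a process sends it on a queue, and whether the sending process holds the send permission on that type. It parses a small constructed policy consisting of the two rules shown above plus one extra allow rule for a hypothetical sysadm_t sender, so that the no-matching-rule (inheritance) case can be exercised. The parser and helper functions are assumptions made for this example and are not part of SELinux itself.

```python
"""Model of SELinux System V message labeling (added example, not from the book).

Parses a tiny constructed policy written in the same syntax as the book's two
rules, then simulates how a message sent on a message queue gets its type and
whether the send is permitted.  Only the msg object class is modelled.
"""
import re

# Constructed policy: the book's two rules plus one extra allow rule so that a
# second (hypothetical) sender type can be exercised without a type_transition.
POLICY = """
type_transition user_t user_xserver_t : msg user_msg_t;
allow user_t user_msg_t : msg send;
allow sysadm_t sysadm_t : msg send;
"""

_TT_RE = re.compile(r"^type_transition\s+(\S+)\s+(\S+)\s*:\s*(\S+)\s+(\S+);$")
_ALLOW_RE = re.compile(r"^allow\s+(\S+)\s+(\S+)\s*:\s*(\S+)\s+\{?\s*([^};]+?)\s*\}?;$")


def parse_policy(text):
    """Return (transitions, allows) lookup tables.

    transitions: {(source_type, target_type, class): new_type}
    allows:      {(source_type, target_type, class): set of permissions}
    """
    transitions, allows = {}, {}
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        m = _TT_RE.match(line)
        if m:
            src, tgt, cls, new = m.groups()
            transitions[(src, tgt, cls)] = new
            continue
        m = _ALLOW_RE.match(line)
        if m:
            src, tgt, cls, perms = m.groups()
            allows.setdefault((src, tgt, cls), set()).update(perms.split())
            continue
        raise ValueError("unparsed rule: " + line)
    return transitions, allows


def message_type(transitions, sender_type, queue_type):
    """Type a new message gets when sender_type sends on a queue of queue_type.

    A matching type_transition rule (source = sender, target = queue, class =
    msg) decides; otherwise the message inherits the sender's type.  The
    process has no way to request a different type.
    """
    return transitions.get((sender_type, queue_type, "msg"), sender_type)


def send_allowed(allows, sender_type, msg_type):
    """True if sender_type holds 'send' on msg objects of msg_type."""
    return "send" in allows.get((sender_type, msg_type, "msg"), set())


def simulate_send(policy_text, sender_type, queue_type):
    """Return (resulting message type, whether the send would be permitted)."""
    transitions, allows = parse_policy(policy_text)
    mtype = message_type(transitions, sender_type, queue_type)
    return mtype, send_allowed(allows, sender_type, mtype)


if __name__ == "__main__":
    for sender, queue in [("user_t", "user_xserver_t"),
                          ("sysadm_t", "user_xserver_t"),
                          ("user_t", "user_t")]:
        mtype, ok = simulate_send(POLICY, sender, queue)
        print(f"{sender} -> queue {queue}: msg labeled {mtype}, "
              f"send {'allowed' if ok else 'denied'}")
```

The third case in the usage loop is the one worth noticing: user_t sending on a queue of type user_t matches no type_transition rule, so the message inherits the type user_t, and because the constructed policy grants user_t send only on user_msg_t, the send is denied. This is exactly the situation in which an inherited message type needs its own allow rule.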




SELinux by Example: Using Security Enhanced Linux
ISBN: 0131963694
Year: 2007