In the last section we left off on compartments and labels. I think we have explained what and how the label works with the files and processes in a system, compartments have a good chance at making your head hurt.
Here is an example label with a compartment.
Ok so what is this? With the biba stuff in FreeBSD you can use ‘ps’ to report on the label that is applied to processes using the flag “-Z”. The biba/ on the end is the actual label, I will break it down.
The 50 ( between the / and the : ) is the level of the process, the numbers following the ‘:’ are the compartments that the process is assigned to. ( These are 0 – 255 )
In the next part we will go into how this effects how biba operates.