From: guido@trentalancia.com (Guido Trentalancia)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] [PATCH]: missing file context for system-tools-backends (gnome)
Date: Sat, 23 Jun 2012 11:52:28 +0200 [thread overview]
Message-ID: <1340445148.2934.14.camel@vortex> (raw)
In-Reply-To: <1340442729.1572.7.camel@x220.mydomain.internal>
Hello Dominick.
On Sat, 2012-06-23 at 11:12 +0200, Dominick Grift wrote:
> On Sat, 2012-06-23 at 10:59 +0200, Guido Trentalancia wrote:
>
> >
> > And by the way, since you were asking, comecmd_exec_bin is needed when
> > the backends are executed, for example, by gnome-system-tools (since the
> > script had been labelled as a generic binary executable to avoid
> > creating a new module built for the purpose).
> >
> > Not everybody might want system_dbusd_t to execute binaries, so that's
> > the reason for the boolean.
> >
> > Regards,
> >
> > Guido
> >
>
> I am still trying to make sense out of all this, but:
>
> I guess we should make system-tools-backends a dbus_system_domain() i.e.
> make system_dbusd_t domain transition to a private domain type for
> system-tools-backends when its executable files get executed.
>
> That way we don't have to allow systemd_dbusd_t to run generic binaries.
Yes, that would be much better of course !
Consider gnome-system-tools is a GUI that is meant to configure network,
system users, shared filesystems or folders and system time. That is why
we would need a boolean as a lot of people would probably like to
disable such administrative functionality in the policy (it is still
possible to have the boolean default to true, as in the latest
modification sketch that I posted, for a more usable generic system).
Can you sketch a few lines of policy modifications for the domain
transition that you are talking about ? I guess you want to define a new
domain, therefore create a new module for system-tools-backends ? And
then allow a domain transition from dbus.te to such domain. And perhaps
finally label the system-tools-backends perl script with its
own ?_exec_t type instead of the generic binary which is more risky ?
Regards,
Guido
next prev parent reply other threads:[~2012-06-23 9:52 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-06-20 21:03 [refpolicy] [PATCH]: missing file context for system-tools-backends (gnome) Guido Trentalancia
2012-06-21 8:41 ` Dominick Grift
2012-06-21 17:38 ` Guido Trentalancia
2012-06-21 17:58 ` Dominick Grift
2012-06-21 18:06 ` Dominick Grift
2012-06-21 18:41 ` [refpolicy] [PATCH v2]: " Guido Trentalancia
2012-06-21 18:53 ` Daniel J Walsh
2012-06-21 18:27 ` [refpolicy] [PATCH]: " Guido Trentalancia
2012-06-23 8:59 ` Guido Trentalancia
2012-06-23 9:12 ` Dominick Grift
2012-06-23 9:52 ` Guido Trentalancia [this message]
2012-06-23 10:19 ` Dominick Grift
2012-06-24 1:14 ` Guido Trentalancia
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1340445148.2934.14.camel@vortex \
--to=guido@trentalancia.com \
--cc=refpolicy@oss.tresys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.