init.te

[Russell Coker <russell@coker.com.au>]

[-- Attachment #1: Type: text/plain, Size: 770 bytes --]

There should never be a sock_file or fifo_file object labelled as sbin_t or 
bin_t, so there is no benefit in granting init_t such access.

I can't think of any reason for granting init_t access to exec_type (except 
possibly a gross error in some other part of policy), and booting a rawhide 
machine without such access does not give any audit messages.

I have drastically reduced the access of init_t to sbin_t, bin_t, and removed 
access to exec_type, the patch is attached.

Steve, please put this in the CVS.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

[-- Attachment #2: init.diff --]
[-- Type: text/x-diff, Size: 1029 bytes --]

diff -ru /usr/src/se/policy/domains/program/init.te ./domains/program/init.te
--- /usr/src/se/policy/domains/program/init.te	2004-06-17 15:10:38.000000000 +1000
+++ ./domains/program/init.te	2004-07-11 17:37:09.000000000 +1000
@@ -70,11 +70,8 @@
 allow init_t self:fifo_file rw_file_perms;
 
 # Permissions required for system startup
-allow init_t bin_t:dir { read getattr lock search ioctl };
-allow init_t bin_t:{ file lnk_file sock_file fifo_file } { read getattr lock ioctl };
-allow init_t exec_type:{ file lnk_file } { read getattr lock ioctl };
-allow init_t sbin_t:dir { read getattr lock search ioctl };
-allow init_t sbin_t:{ file lnk_file sock_file fifo_file } { read getattr lock ioctl };
+allow init_t { bin_t sbin_t }:dir r_dir_perms;
+allow init_t { bin_t sbin_t }:{ file lnk_file } { read getattr lock ioctl };
 
 # allow init to fork
 allow init_t self:process { fork sigchld };
@@ -136,4 +133,4 @@
 ')
 r_dir_file(init_t, sysfs_t)
 
-r_dir_file( init_t, selinux_config_t)
+r_dir_file(init_t, selinux_config_t)