From: Luke Kenneth Casson Leighton <lkcl@lkcl.net>
To: Daniel J Walsh <dwalsh@redhat.com>
Cc: Ivan Gyurdiev <ivg2@cornell.edu>, selinux@tycho.nsa.gov
Subject: Re: Java Legacy problem
Date: Mon, 21 Feb 2005 15:38:52 +0000 [thread overview]
Message-ID: <20050221153852.GW14038@lkcl.net> (raw)
In-Reply-To: <4219FA78.9010208@redhat.com>
On Mon, Feb 21, 2005 at 10:12:56AM -0500, Daniel J Walsh wrote:
> My goal is to have a user domain and the equivalent userdomain + legacy
> stuff.
>
> So only applications that are marked legacy can do the execmod/execmem
> stuff. But have the same privs as any other userdomain
> executable.
>
> This is one of the things that SELinux does not handle well.
no. *sigh*. it has to be explicitly spelled out.
> When a
> user runs this app, add these privs to his existing privs.
the solutions to this proposed so far [add these privs] have been
ruled out on the grounds that it is exceptionally difficult to do
the off-line policy analysis.
... which reminds me of another potential solution i thought of.
you know how linux security modules are stackable, right?
well... how about stacking policies as well?
so you could define a list of binary policies that must be
applied, and the order in which they must be applied, and
whether (like PAM) they are "sufficient" or "required".
so you could have _two_ policies, one which allowed legacy
stuff on user_t _and_ user_java_t (yes, note carefully,
i said _both_!), and one which allowed legacy stuff on ONLY
user_java_t.
the effect of having to go through both policies (which in all other
respects would be identical) would be that, other than a performance
hit, you'd end up with the apparent result that user_t is not
allowed to do legacy stuff, but user_java_t is.
i believe that the task of "combining" the policy.conf plus the
rules for off-line auditing checking would be a lot simpler than
previously proposed solutions.
l.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2005-02-21 15:31 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-02-20 14:45 Java Legacy problem Ivan Gyurdiev
2005-02-20 15:44 ` Luke Kenneth Casson Leighton
2005-02-20 15:53 ` Ivan Gyurdiev
2005-02-20 17:17 ` Luke Kenneth Casson Leighton
2005-02-21 13:01 ` Daniel J Walsh
2005-02-21 13:24 ` Ivan Gyurdiev
2005-02-21 13:59 ` Daniel J Walsh
2005-02-21 14:24 ` Ivan Gyurdiev
2005-02-21 15:06 ` Luke Kenneth Casson Leighton
2005-02-21 15:12 ` Daniel J Walsh
2005-02-21 15:38 ` Luke Kenneth Casson Leighton [this message]
2005-02-22 13:36 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050221153852.GW14038@lkcl.net \
--to=lkcl@lkcl.net \
--cc=dwalsh@redhat.com \
--cc=ivg2@cornell.edu \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.