[refpolicy] [Backup 1/1] Clean up the Back up modules.

[refpolicy] [Backup 1/1] Clean up the Back up modules.

[Dominick Grift]

Signed-off-by: Dominick Grift <domg472@gmail.com>
---
:100644 100644 223b7f2... d924d71... M	policy/modules/admin/backup.fc
:100644 100644 1017b7a... 44ee47c... M	policy/modules/admin/backup.if
:100644 100644 0bfc958... e656c20... M	policy/modules/admin/backup.te
 policy/modules/admin/backup.fc |   13 +++----------
 policy/modules/admin/backup.if |    8 +++++---
 policy/modules/admin/backup.te |    1 -
 3 files changed, 8 insertions(+), 14 deletions(-)

diff --git a/policy/modules/admin/backup.fc b/policy/modules/admin/backup.fc
index 223b7f2..d924d71 100644
--- a/policy/modules/admin/backup.fc
+++ b/policy/modules/admin/backup.fc
@@ -1,13 +1,6 @@
-# backup
-# label programs that do backups to other files on disk (IE a cron job that
-# calls tar) in backup_exec_t and label the directory for storing them as
-# backup_store_t, Debian uses /var/backups
+/usr/local/bin/backup-script	--	gen_context(system_u:object_r:backup_exec_t,s0)
 
-#/usr/local/bin/backup-script	--	gen_context(system_u:object_r:backup_exec_t,s0)
-
-ifdef(`distro_debian',`
-/etc/cron.daily/aptitude	--	gen_context(system_u:object_r:backup_exec_t,s0)
-/etc/cron.daily/standard	--	gen_context(system_u:object_r:backup_exec_t,s0)
-')
+/etc/cron\.daily/aptitude	--	gen_context(system_u:object_r:backup_exec_t,s0)
+/etc/cron\.daily/standard	--	gen_context(system_u:object_r:backup_exec_t,s0)
 
 /var/backups(/.*)?			gen_context(system_u:object_r:backup_store_t,s0)
diff --git a/policy/modules/admin/backup.if b/policy/modules/admin/backup.if
index 1017b7a..44ee47c 100644
--- a/policy/modules/admin/backup.if
+++ b/policy/modules/admin/backup.if
@@ -2,7 +2,8 @@
 
 ########################################
 ## <summary>
-##	Execute backup in the backup domain.
+##	Execute a domain transition to run
+##	Backup.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -20,8 +21,9 @@ interface(`backup_domtrans',`
 
 ########################################
 ## <summary>
-##	Execute backup in the backup domain, and
-##	allow the specified role the backup domain.
+##	Execute a domain transition to run
+##	Backup, and allow the specified role
+##	the Backup domain.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
diff --git a/policy/modules/admin/backup.te b/policy/modules/admin/backup.te
index 0bfc958..e656c20 100644
--- a/policy/modules/admin/backup.te
+++ b/policy/modules/admin/backup.te
@@ -51,7 +51,6 @@ corenet_sendrecv_all_client_packets(backup_t)
 
 dev_getattr_all_blk_files(backup_t)
 dev_getattr_all_chr_files(backup_t)
-# for SSP
 dev_read_urand(backup_t)
 
 domain_use_interactive_fds(backup_t)
-- 
1.7.2.1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100903/c9e2dc89/attachment.bin 

[refpolicy] [Backup 1/1] Clean up the Back up modules.

[Christopher J. PeBenito]

On 09/03/10 11:50, Dominick Grift wrote:
> Signed-off-by: Dominick Grift<domg472@gmail.com>
> ---
> :100644 100644 223b7f2... d924d71... M	policy/modules/admin/backup.fc
> :100644 100644 1017b7a... 44ee47c... M	policy/modules/admin/backup.if
> :100644 100644 0bfc958... e656c20... M	policy/modules/admin/backup.te
>   policy/modules/admin/backup.fc |   13 +++----------
>   policy/modules/admin/backup.if |    8 +++++---
>   policy/modules/admin/backup.te |    1 -
>   3 files changed, 8 insertions(+), 14 deletions(-)
>
> diff --git a/policy/modules/admin/backup.fc b/policy/modules/admin/backup.fc
> index 223b7f2..d924d71 100644
> --- a/policy/modules/admin/backup.fc
> +++ b/policy/modules/admin/backup.fc
> @@ -1,13 +1,6 @@
> -# backup
> -# label programs that do backups to other files on disk (IE a cron job that
> -# calls tar) in backup_exec_t and label the directory for storing them as
> -# backup_store_t, Debian uses /var/backups
> +/usr/local/bin/backup-script	--	gen_context(system_u:object_r:backup_exec_t,s0)
>
> -#/usr/local/bin/backup-script	--	gen_context(system_u:object_r:backup_exec_t,s0)

This has traditionally been an example for a script.  Is there a distro 
that actually has this script?  If not, it should stay a comment.

> -
> -ifdef(`distro_debian',`
> -/etc/cron.daily/aptitude	--	gen_context(system_u:object_r:backup_exec_t,s0)
> -/etc/cron.daily/standard	--	gen_context(system_u:object_r:backup_exec_t,s0)
> -')
> +/etc/cron\.daily/aptitude	--	gen_context(system_u:object_r:backup_exec_t,s0)
> +/etc/cron\.daily/standard	--	gen_context(system_u:object_r:backup_exec_t,s0)
>
>   /var/backups(/.*)?			gen_context(system_u:object_r:backup_store_t,s0)
> diff --git a/policy/modules/admin/backup.if b/policy/modules/admin/backup.if
> index 1017b7a..44ee47c 100644
> --- a/policy/modules/admin/backup.if
> +++ b/policy/modules/admin/backup.if
> @@ -2,7 +2,8 @@
>
>   ########################################
>   ##<summary>
> -##	Execute backup in the backup domain.
> +##	Execute a domain transition to run
> +##	Backup.
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> @@ -20,8 +21,9 @@ interface(`backup_domtrans',`
>
>   ########################################
>   ##<summary>
> -##	Execute backup in the backup domain, and
> -##	allow the specified role the backup domain.
> +##	Execute a domain transition to run
> +##	Backup, and allow the specified role
> +##	the Backup domain.
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> diff --git a/policy/modules/admin/backup.te b/policy/modules/admin/backup.te
> index 0bfc958..e656c20 100644
> --- a/policy/modules/admin/backup.te
> +++ b/policy/modules/admin/backup.te
> @@ -51,7 +51,6 @@ corenet_sendrecv_all_client_packets(backup_t)
>
>   dev_getattr_all_blk_files(backup_t)
>   dev_getattr_all_chr_files(backup_t)
> -# for SSP
>   dev_read_urand(backup_t)

As far as I know, this is still true, so it should be kept.

>   domain_use_interactive_fds(backup_t)

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

[refpolicy] [Backup 1/1] Clean up the Back up modules.

[Dominick Grift]

On Thu, Sep 09, 2010 at 08:29:36AM -0400, Christopher J. PeBenito wrote:
> On 09/03/10 11:50, Dominick Grift wrote:
> >Signed-off-by: Dominick Grift<domg472@gmail.com>
> >---
> >:100644 100644 223b7f2... d924d71... M	policy/modules/admin/backup.fc
> >:100644 100644 1017b7a... 44ee47c... M	policy/modules/admin/backup.if
> >:100644 100644 0bfc958... e656c20... M	policy/modules/admin/backup.te
> >  policy/modules/admin/backup.fc |   13 +++----------
> >  policy/modules/admin/backup.if |    8 +++++---
> >  policy/modules/admin/backup.te |    1 -
> >  3 files changed, 8 insertions(+), 14 deletions(-)
> >
> >diff --git a/policy/modules/admin/backup.fc b/policy/modules/admin/backup.fc
> >index 223b7f2..d924d71 100644
> >--- a/policy/modules/admin/backup.fc
> >+++ b/policy/modules/admin/backup.fc
> >@@ -1,13 +1,6 @@
> >-# backup
> >-# label programs that do backups to other files on disk (IE a cron job that
> >-# calls tar) in backup_exec_t and label the directory for storing them as
> >-# backup_store_t, Debian uses /var/backups
> >+/usr/local/bin/backup-script	--	gen_context(system_u:object_r:backup_exec_t,s0)
> >
> >-#/usr/local/bin/backup-script	--	gen_context(system_u:object_r:backup_exec_t,s0)
> 
> This has traditionally been an example for a script.  Is there a
> distro that actually has this script?  If not, it should stay a
> comment.

We already have an example policy in doc/. Maybe we should just remove this module altogether?
> 
> >-
> >-ifdef(`distro_debian',`
> >-/etc/cron.daily/aptitude	--	gen_context(system_u:object_r:backup_exec_t,s0)
> >-/etc/cron.daily/standard	--	gen_context(system_u:object_r:backup_exec_t,s0)
> >-')
> >+/etc/cron\.daily/aptitude	--	gen_context(system_u:object_r:backup_exec_t,s0)
> >+/etc/cron\.daily/standard	--	gen_context(system_u:object_r:backup_exec_t,s0)
> >
> >  /var/backups(/.*)?			gen_context(system_u:object_r:backup_store_t,s0)
> >diff --git a/policy/modules/admin/backup.if b/policy/modules/admin/backup.if
> >index 1017b7a..44ee47c 100644
> >--- a/policy/modules/admin/backup.if
> >+++ b/policy/modules/admin/backup.if
> >@@ -2,7 +2,8 @@
> >
> >  ########################################
> >  ##<summary>
> >-##	Execute backup in the backup domain.
> >+##	Execute a domain transition to run
> >+##	Backup.
> >  ##</summary>
> >  ##<param name="domain">
> >  ##	<summary>
> >@@ -20,8 +21,9 @@ interface(`backup_domtrans',`
> >
> >  ########################################
> >  ##<summary>
> >-##	Execute backup in the backup domain, and
> >-##	allow the specified role the backup domain.
> >+##	Execute a domain transition to run
> >+##	Backup, and allow the specified role
> >+##	the Backup domain.
> >  ##</summary>
> >  ##<param name="domain">
> >  ##	<summary>
> >diff --git a/policy/modules/admin/backup.te b/policy/modules/admin/backup.te
> >index 0bfc958..e656c20 100644
> >--- a/policy/modules/admin/backup.te
> >+++ b/policy/modules/admin/backup.te
> >@@ -51,7 +51,6 @@ corenet_sendrecv_all_client_packets(backup_t)
> >
> >  dev_getattr_all_blk_files(backup_t)
> >  dev_getattr_all_chr_files(backup_t)
> >-# for SSP
> >  dev_read_urand(backup_t)
> 
> As far as I know, this is still true, so it should be kept.

What is true that ssp requires urandom, or the the backup domain needs dev_read_urandom.
Eitherway i just removed to comment not the interface call.

But i can tell you from experience that a backup script does not usually need access to urandom.

> 
> >  domain_use_interactive_fds(backup_t)
> 
> -- 
> Chris PeBenito
> Tresys Technology, LLC
> www.tresys.com | oss.tresys.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100909/879a5f19/attachment.bin 

[refpolicy] [Backup 1/1] Clean up the Back up modules.

[Christopher J. PeBenito]

On 09/09/10 08:38, Dominick Grift wrote:
> On Thu, Sep 09, 2010 at 08:29:36AM -0400, Christopher J. PeBenito wrote:
>> On 09/03/10 11:50, Dominick Grift wrote:
>>> Signed-off-by: Dominick Grift<domg472@gmail.com>
>>> ---
>>> :100644 100644 223b7f2... d924d71... M	policy/modules/admin/backup.fc
>>> :100644 100644 1017b7a... 44ee47c... M	policy/modules/admin/backup.if
>>> :100644 100644 0bfc958... e656c20... M	policy/modules/admin/backup.te
>>>   policy/modules/admin/backup.fc |   13 +++----------
>>>   policy/modules/admin/backup.if |    8 +++++---
>>>   policy/modules/admin/backup.te |    1 -
>>>   3 files changed, 8 insertions(+), 14 deletions(-)
>>>
>>> diff --git a/policy/modules/admin/backup.fc b/policy/modules/admin/backup.fc
>>> index 223b7f2..d924d71 100644
>>> --- a/policy/modules/admin/backup.fc
>>> +++ b/policy/modules/admin/backup.fc
>>> @@ -1,13 +1,6 @@
>>> -# backup
>>> -# label programs that do backups to other files on disk (IE a cron job that
>>> -# calls tar) in backup_exec_t and label the directory for storing them as
>>> -# backup_store_t, Debian uses /var/backups
>>> +/usr/local/bin/backup-script	--	gen_context(system_u:object_r:backup_exec_t,s0)
>>>
>>> -#/usr/local/bin/backup-script	--	gen_context(system_u:object_r:backup_exec_t,s0)
>>
>> This has traditionally been an example for a script.  Is there a
>> distro that actually has this script?  If not, it should stay a
>> comment.
>
> We already have an example policy in doc/. Maybe we should just remove this module altogether?

I think you might be misunderstanding.  I'm only saying that the above 
/usr/local/bin/backup-script file context should remain commented unless 
there is a distro that actually has it.  The policy should stay since 
the below scripts use it.  If they are gone on debian, then we can 
consider removing it.

>>> -
>>> -ifdef(`distro_debian',`
>>> -/etc/cron.daily/aptitude	--	gen_context(system_u:object_r:backup_exec_t,s0)
>>> -/etc/cron.daily/standard	--	gen_context(system_u:object_r:backup_exec_t,s0)
>>> -')
>>> +/etc/cron\.daily/aptitude	--	gen_context(system_u:object_r:backup_exec_t,s0)
>>> +/etc/cron\.daily/standard	--	gen_context(system_u:object_r:backup_exec_t,s0)
>>>
>>>   /var/backups(/.*)?			gen_context(system_u:object_r:backup_store_t,s0)
>>> diff --git a/policy/modules/admin/backup.if b/policy/modules/admin/backup.if
>>> index 1017b7a..44ee47c 100644
>>> --- a/policy/modules/admin/backup.if
>>> +++ b/policy/modules/admin/backup.if
>>> @@ -2,7 +2,8 @@
>>>
>>>   ########################################
>>>   ##<summary>
>>> -##	Execute backup in the backup domain.
>>> +##	Execute a domain transition to run
>>> +##	Backup.
>>>   ##</summary>
>>>   ##<param name="domain">
>>>   ##	<summary>
>>> @@ -20,8 +21,9 @@ interface(`backup_domtrans',`
>>>
>>>   ########################################
>>>   ##<summary>
>>> -##	Execute backup in the backup domain, and
>>> -##	allow the specified role the backup domain.
>>> +##	Execute a domain transition to run
>>> +##	Backup, and allow the specified role
>>> +##	the Backup domain.
>>>   ##</summary>
>>>   ##<param name="domain">
>>>   ##	<summary>
>>> diff --git a/policy/modules/admin/backup.te b/policy/modules/admin/backup.te
>>> index 0bfc958..e656c20 100644
>>> --- a/policy/modules/admin/backup.te
>>> +++ b/policy/modules/admin/backup.te
>>> @@ -51,7 +51,6 @@ corenet_sendrecv_all_client_packets(backup_t)
>>>
>>>   dev_getattr_all_blk_files(backup_t)
>>>   dev_getattr_all_chr_files(backup_t)
>>> -# for SSP
>>>   dev_read_urand(backup_t)
>>
>> As far as I know, this is still true, so it should be kept.
>
> What is true that ssp requires urandom, or the the backup domain needs dev_read_urandom.
> Eitherway i just removed to comment not the interface call.
>
> But i can tell you from experience that a backup script does not usually need access to urandom.

That's precisely why I want to keep the comment.  If we know why the 
rule is there in refpolicy, then people that want to customize the 
policy can remove it if they know that they don't use SSP.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com