From: Ole Kliemann <ole@plastictree.net>
To: Russell Coker <russell@coker.com.au>
Cc: selinux@tycho.nsa.gov
Subject: Re: Information about XSELinux
Date: Tue, 7 Aug 2012 14:53:23 +0200
Message-ID: <20120807125323.GD2085@telvanni>
In-Reply-To: <201207271402.15812.russell@coker.com.au>


On Fri, Jul 27, 2012 at 02:02:15PM +1000, Russell Coker wrote:
> Could you blog about all the details?
> 
> I've wanted to get X access control in Debian for a while.

Sure! I'm just not sure how helpful it's gonna be, because my 
policy is from scratch and pretty specialised for me. I'm scared 
of the reference policy and frankly believe it's faster for me to 
write the things I need from scratch than to find out how to do 
this within the reference policy.

Of course I could use the reference policy as a base and write 
only my stuff for user separation under X from scratch. But here 
Ubuntu comes into play. I have to admit I haven't extensively 
tested SELinux under Ubuntu, but it did look quite old. And from 
what I read, AppArmor is the supported LSM under Ubuntu and one 
should not expect much support for SELinux.

I need something that is either maintained actively or can be 
maintained by myself with minimal effort. Neither applies to 
reference policy under Ubuntu. I wouldn't want to leave Ubuntu 
unless necessary, so I'm writing from scratch.

Besides, I have some doubts about the underlying paradigm of a 
security policy that gets _that_ complicated. But that's nothing 
I really thought through so far.


Getting X11 with XSELinux was pretty easy actually. I just got 
the source package, changed 'debian/rules' replacing the 
'--disable-selinux' with '--enable-selinux' and built and 
installed the package. Did 'setsebool -P xserver_object_manager 
true' and XSELinux was good to go.

I then wrote a monolithic policy. I still use traditional linux 
users to separate the different contexts I work with (mail, 
browser, ...), like I have done for years. But instead of using 
the crappy trusted/untrusted-model of the old SECURITY extension, 
I separated the user contexts under X using SELinux.

So I specifically target only user contexts and only the X-portion 
of access vectors. I could send you this policy, but it's messy 
and probably useless to you.

I'm currently writing a new, modular policy targeting some system 
daemons and separating my user contexts by SELinux without the 
need for traditional linux users. I can tell you when it's done. 
But again, it will be pretty specialised for my needs.

Was there anything specific you wanted to know?

Ole

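The XSELinux build procedure described in the mail above (flip the Debian packaging flag from --disable-selinux to --enable-selinux, rebuild, then set the xserver_object_manager boolean), as an added shell example that is not part of the original message. The debian/rules location, the constructed sample rules content and the helper function names are assumptions; the boolean name and the setsebool/getsebool commands are the ones named in the mail.

```shell
#!/bin/sh
# Added example (not from the original mail): rewrite the X server's
# debian/rules so configure gets --enable-selinux, then turn on the
# XSELinux object manager boolean and confirm it took effect.
set -u

# Rewrite a debian/rules file so the configure flag enables XSELinux.
# Keeps a .orig backup. Returns 0 when the file ends up with
# --enable-selinux, non-zero otherwise.
enable_xselinux_in_rules() {
    rules="$1"
    [ -f "$rules" ] || { echo "no such file: $rules" >&2; return 1; }
    cp "$rules" "$rules.orig"
    # Portable in-place edit (no reliance on sed -i semantics).
    sed 's/--disable-selinux/--enable-selinux/g' "$rules" > "$rules.tmp" \
        && mv "$rules.tmp" "$rules"
    grep -q -- '--enable-selinux' "$rules"
}

# Returns 0 while the rules file still carries the disabling flag.
rules_still_disabled() {
    grep -q -- '--disable-selinux' "$1"
}

# Persistently enable the object manager boolean and verify it reads
# back as "on". Returns 2 when the SELinux userspace tools are absent,
# so the function is safe to call on a machine without SELinux.
enable_xserver_object_manager() {
    if ! command -v setsebool >/dev/null 2>&1; then
        echo "setsebool not available; skipping" >&2
        return 2
    fi
    setsebool -P xserver_object_manager true || return 1
    getsebool xserver_object_manager | grep -q -- '--> on'
}

# Constructed sample debian/rules fragment (assumption, for a stand-alone run).
make_sample_rules() {
    cat > "$1" <<'EOF'
#!/usr/bin/make -f
confflags += --disable-selinux --with-xkb-path=/usr/share/X11/xkb
%:
	dh $@
EOF
}

# Demo: ./xselinux-rules.sh --demo
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp)
    make_sample_rules "$tmp"
    if enable_xselinux_in_rules "$tmp"; then
        echo "debian/rules now enables XSELinux"
    fi
    rm -f "$tmp" "$tmp.orig"
    enable_xserver_object_manager || true
fi
```

After the rewritten package is built and installed, a quick sanity check is that getsebool reports the boolean as on and that X clients show a security context in ps output; if the boolean is left off, the server runs without the object manager and no X access vectors are enforced.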
