Default Policy question? - Daniel J Walsh

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Daniel J Walsh <dwalsh@redhat.com>
To: SELinux@tycho.nsa.gov
Subject: Default Policy question?
Date: Mon, 02 Jun 2003 12:04:21 -0400	[thread overview]
Message-ID: <3EDB7585.8050308@redhat.com> (raw)

Has anyone discussed the problem of having root be a member of the 
sysadm_r role.  Is there a way to define policy such that you could
allow a sysadmin to manipulate configuration without allowing them to
effect policy?  Ie, does the default policy allow someone the ability to
change the /etc/printcap file but not run load_policy?  Should we have 
three levels of user by default.  My problem with this is that 
sysadmin's are going to become root and run newrole to sysadm_r to 
manipulate configuration.  If they stay newrole and run a trojaned app,
security is compromized.

user_r    - Very little privs for general users
sysadm_r  - Ability to manipulate all standard Linux config files.
policy_r  - Ability to change the way the kernel handles policy. 
(/etc/security/selinux/*, /etc/grup.conf, chsid, avc_toggle ...)

policy_r should not be defaulted to the root user but garnered in some 
other way.

Anyone have any ideas on this?

Dan

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

next             reply	other threads:[~2003-06-02 16:04 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-06-02 16:04 Daniel J Walsh [this message]
2003-06-02 17:21 ` Default Policy question? Stephen Smalley
2003-06-02 21:03   ` Tom
2003-06-02 23:51     ` Russell Coker
2003-06-03  6:30       ` Tom
2003-06-03 13:31         ` Russell Coker
2003-06-03 12:20     ` Stephen Smalley
2003-06-03 17:20       ` Tom
2003-06-02 18:11 ` Tom
2003-06-02 20:22 ` Frank Mayer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3EDB7585.8050308@redhat.com \
    --to=dwalsh@redhat.com \
    --cc=SELinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.