[Fwd: Re: avc_toggle and avc

All of lore.kernel.org
 help / color / mirror / Atom feed

* [Fwd: Re: avc_toggle and avc_enforcing]
@ 2003-10-16 13:31 Daniel J Walsh
  2003-10-16 15:55 ` Russell Coker
  0 siblings, 1 reply; 2+ messages in thread
From: Daniel J Walsh @ 2003-10-16 13:31 UTC (permalink / raw)
  To: SELinux

[-- Attachment #1: Type: text/plain, Size: 1 bytes --]



[-- Attachment #2: Re: avc_toggle and avc_enforcing --]
[-- Type: message/rfc822, Size: 7312 bytes --]

[-- Attachment #2.1.1: Type: text/plain, Size: 2518 bytes --]

Kerry Thompson wrote:

>Speaking of which, I'd like to assemble a quick list of userland ( or more
>accurately, adminland ) changes between the current release and the
>previous non-/selinux release to update the documentation I've got, like
>the U-FAQ. The ones I've noticed so far :
>
>- avc_enforcing, avc_toggle replaced by /selinux/enforcing
>- id command requires -c to display context
>  
>
This has been converted to -Z in latest patches, for consistency.

>- ps command uses -Z to display context
>- initrd now mandatory
>  
>
We are working to remove this requirement.

>- selinux kernel boot option
>- multiple changes to installation procedure
>  
>
>- SRPMs added to installation image
>- new tools added ( Tresys tools, star )
>- binary RPMs available ( thanks Daniel )
>
>  
>
Your welcome.

>I've looked into the ChangeLog files, but there really isn't much info
>there, so I'd like to hear of any other changes that have been made which
>need to be documented.
>
>  
>
We are working to eliminate root assumptions in the OS and replace them 
with ones based on
security contexts.  So config tools should be prompting for your 
password instead of root password. 

One goal of userland changes is that the average user should not have to 
know that he is running
on a SELinux machine.  A system administrator should be able to manage 
the machine with limited knowlege of the way policy works.

>I'm still working on getting my test system up to the new 2.4 and 2.6,
>unfortunately I rendered it unbootable last night so it will take a little
>longer than expected ( note to self : make sure kernel can build an initrd
>before removing /boot/initrd* ).
>
>Kerry
>
>
>Stephen Smalley said:
>  
>
>>On Tue, 2003-10-14 at 08:15, Carlos AnÃsio Monteiro wrote:
>>    
>>
>>>Please, where I find the commands: avc_toggle and avc_enforcing. What
>>>are it the packages where it are?
>>>      
>>>
>>They no longer exist as programs.  With the new SELinux API, you can
>>simply 'cat /selinux/enforce' to see the current enforcing value,
>>'echo 1 > /selinux/enforce' to switch into enforcing mode, and
>>'echo  > /selinux/enforce' to switch into permissive mode (if permitted
>>by the policy).
>>
>>--
>>Stephen Smalley <sds@epoch.ncsc.mil>
>>National Security Agency
>>    
>>
>
>
>--
>This message was distributed to subscribers of the selinux mailing list.
>If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
>the words "unsubscribe selinux" without quotes as the message.
>  
>

[-- Attachment #2.1.2: Type: text/html, Size: 3819 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [Fwd: Re: avc_toggle and avc_enforcing]
  2003-10-16 13:31 [Fwd: Re: avc_toggle and avc_enforcing] Daniel J Walsh
@ 2003-10-16 15:55 ` Russell Coker
  0 siblings, 0 replies; 2+ messages in thread
From: Russell Coker @ 2003-10-16 15:55 UTC (permalink / raw)
  To: Daniel J Walsh, SELinux

On Thu, 16 Oct 2003 23:31, Daniel J Walsh wrote:
> on a SELinux machine.  A system administrator should be able to manage
> the machine with limited knowlege of the way policy works.

I guess that the next thing we want is per-role instantiations for run_init.  
So for example we could have:
full_user_role(dba)
run_program(dba_t, dba_r, dba, initrc_exec_t, postgresql_t)
allow run_dba_t self:capability setuid;

Then the Database administrator could login as user:dba_r:dba_t to run all 
unix programs, and they could have a SUID root program with type 
run_dba_exec_t which would run /etc/init.d/postgresql with specified 
parameters.  That combined with a few rules relating to file access would 
give them full control over the database server without granting any access 
to the rest of the system.

NB It's quite important that such uses of run_program which have something 
other than sysadm_t as the first parameter do not have initrc_t as the last 
parameter!  It is very important that we restrict initrc_t.

Also it's very important that the program which has run_dba_exec_t is a very 
simple program that sets it's UID, sets the execute context, and executes the 
script.  As it has privrole we want to be very sure that it does not do the 
wrong thing.  Privrole is necessary as it has to start the daemon as 
system_r.

I've been meaning to write policy for this for some time, but have lacked 
suitable opportunities for testing.  The machines I've been involved in 
running recently have all had a boolean policy regarding administrative 
privs...

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2003-10-16 15:55 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-10-16 13:31 [Fwd: Re: avc_toggle and avc_enforcing] Daniel J Walsh
2003-10-16 15:55 ` Russell Coker

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.