* Security contexts for the contexts directory?
@ 2004-05-27 11:54 Daniel J Walsh
2004-05-27 13:16 ` Stephen Smalley
0 siblings, 1 reply; 4+ messages in thread
From: Daniel J Walsh @ 2004-05-27 11:54 UTC (permalink / raw)
To: SELinux, Fedora SELinux support list for users & developers.
With the new design of the policy tree, we have moved the "contexts"
files into
/etc/selinux/*/contexts/
These files include default_contexts, file_contexts, default_type,
failsafe_contexts ...
as well as contexts for individual users like users/root. Currently the
security contexts for these files is etc_t. Should we change them so
something else? default_contexts_t? Should file_contexts be marked
differently then the others?
Also since policy is determined by /etc/sysconfig/selinux, should we set
a special security context on it? If we do should we move it to a
directory where it would be easier to maintain the security context?
Maybe rename it to /etc/selinux/config?
Dan
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Security contexts for the contexts directory?
2004-05-27 11:54 Security contexts for the contexts directory? Daniel J Walsh
@ 2004-05-27 13:16 ` Stephen Smalley
2004-05-27 13:54 ` Daniel J Walsh
0 siblings, 1 reply; 4+ messages in thread
From: Stephen Smalley @ 2004-05-27 13:16 UTC (permalink / raw)
To: Daniel J Walsh
Cc: SELinux, Fedora SELinux support list for users & developers.
On Thu, 2004-05-27 at 07:54, Daniel J Walsh wrote:
> With the new design of the policy tree, we have moved the "contexts"
> files into
> /etc/selinux/*/contexts/
>
> These files include default_contexts, file_contexts, default_type,
> failsafe_contexts ...
> as well as contexts for individual users like users/root. Currently the
> security contexts for these files is etc_t. Should we change them so
> something else? default_contexts_t? Should file_contexts be marked
> differently then the others?
I'd suggest a single type (other than etc_t) for default_contexts,
default_type, failsafe_context, and the other files installed from
policy/appconfig. file_contexts should likely have a different type to
allow different access, so perhaps it should have its own directory and
type. With the old layout and policy, it ends up in policy_config_t,
but I think we want to distinguish it from the binary policy file as
well as from the appconfig files.
> Also since policy is determined by /etc/sysconfig/selinux, should we set
> a special security context on it? If we do should we move it to a
> directory where it would be easier to maintain the security context?
> Maybe rename it to /etc/selinux/config?
I would prefer having a distinct type on it (and moving it to a
directory with that type so that we can easily preserve the type), as
the integrity of that file is critical to SELinux, at least in the
Fedora Core implementation.
--
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Security contexts for the contexts directory?
2004-05-27 13:16 ` Stephen Smalley
@ 2004-05-27 13:54 ` Daniel J Walsh
2004-05-27 14:27 ` Stephen Smalley
0 siblings, 1 reply; 4+ messages in thread
From: Daniel J Walsh @ 2004-05-27 13:54 UTC (permalink / raw)
To: Stephen Smalley
Cc: SELinux, Fedora SELinux support list for users & developers.
Stephen Smalley wrote:
>On Thu, 2004-05-27 at 07:54, Daniel J Walsh wrote:
>
>
>>With the new design of the policy tree, we have moved the "contexts"
>>files into
>>/etc/selinux/*/contexts/
>>
>>These files include default_contexts, file_contexts, default_type,
>>failsafe_contexts ...
>>as well as contexts for individual users like users/root. Currently the
>>security contexts for these files is etc_t. Should we change them so
>>something else? default_contexts_t? Should file_contexts be marked
>>differently then the others?
>>
>>
>
>I'd suggest a single type (other than etc_t) for default_contexts,
>default_type, failsafe_context, and the other files installed from
>policy/appconfig. file_contexts should likely have a different type to
>allow different access, so perhaps it should have its own directory and
>type. With the old layout and policy, it ends up in policy_config_t,
>but I think we want to distinguish it from the binary policy file as
>well as from the appconfig files.
>
>
>
Ok how about, default_contexts_t for contexts directory and users
directory. Create a new directory called files and put file_contexts in
there with a context of file_contexts_t.
>>Also since policy is determined by /etc/sysconfig/selinux, should we set
>>a special security context on it? If we do should we move it to a
>>directory where it would be easier to maintain the security context?
>>Maybe rename it to /etc/selinux/config?
>>
>>
>
>I would prefer having a distinct type on it (and moving it to a
>directory with that type so that we can easily preserve the type), as
>the integrity of that file is critical to SELinux, at least in the
>Fedora Core implementation.
>
>
>
Should that have default_contexts_t also? Or something different?
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Security contexts for the contexts directory?
2004-05-27 13:54 ` Daniel J Walsh
@ 2004-05-27 14:27 ` Stephen Smalley
0 siblings, 0 replies; 4+ messages in thread
From: Stephen Smalley @ 2004-05-27 14:27 UTC (permalink / raw)
To: Daniel J Walsh
Cc: SELinux, Fedora SELinux support list for users & developers.
On Thu, 2004-05-27 at 09:54, Daniel J Walsh wrote:
> Ok how about, default_contexts_t for contexts directory and users
> directory. Create a new directory called files and put file_contexts in
> there with a context of file_contexts_t.
The existing default_context_t (no 's') type seems reasonable for the
contexts directory and users subdirectory. Note however that this will
likely require new allow rules in the policy, as some domains may have
previously had read access to the files under etc_t and will now need
read permission to default_context_t.
> Should that have default_contexts_t also? Or something different?
/etc/selinux/config should have a different type. We could define a
type for the /etc/selinux directory and simply use that type for the
config file as well to ease maintenance. That would also make sense
from a control perspective - you are unlikely to be allowed to modify
the /etc/selinux directory (e.g. add new policies under it) unless you
can also modify /etc/selinux/config to set the type. No other files
under /etc/selinux would normally have that type, as everything else is
a subdirectory and has a separate type assigned.
--
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2004-05-27 14:27 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-05-27 11:54 Security contexts for the contexts directory? Daniel J Walsh
2004-05-27 13:16 ` Stephen Smalley
2004-05-27 13:54 ` Daniel J Walsh
2004-05-27 14:27 ` Stephen Smalley
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.