From: Daniel J Walsh <dwalsh@redhat.com>
To: Stephen Smalley <sds@epoch.ncsc.mil>
Cc: selinux@tycho.nsa.gov, Russell Coker <russell@coker.com.au>,
selinux-dev@tresys.com
Subject: Re: Now that SELinux supports booleans should we replace tunables with booleans?
Date: Thu, 05 Aug 2004 09:44:41 -0400 [thread overview]
Message-ID: <411239C9.4020505@redhat.com> (raw)
In-Reply-To: <1091709228.11061.47.camel@moss-spartans.epoch.ncsc.mil>
[-- Attachment #1: Type: text/plain, Size: 1554 bytes --]
Stephen Smalley wrote:
>On Thu, 2004-08-05 at 08:30, Stephen Smalley wrote:
>
>
>>Dan has raised the issue of how to handle policy reloads when using
>>booleans, as a policy reload will reset the boolean values to the
>>compile-time default settings. We could certainly extend load_policy to
>>also set the booleans based on the same configuration file used at boot
>>time, but that will leave open a window between the policy reload and
>>the setting of the booleans where the active policy will fall back to
>>the compile-time defaults. That could break running processes or create
>>a window of vulnerability, depending on whether the compile-time
>>defaults are more secure or less secure than the configuration file
>>settings. We could have the policy Makefile patch the boolean default
>>settings based on the configuration file, so that a policy rebuild would
>>change the compile-time defaults to match the desired settings, but that
>>requires policy sources, which may not be available (e.g. the policy
>>reload may have been triggered by a binary policy update, and the end
>>system may not have policy sources installed). Thoughts?
>>
>>
>
>Actually, it would be easy to create a simple utility that patches a
>binary policy to change the boolean default values, so that would be a
>possibility.
>
>
>
Here is the current patch I was using for load_policy. As has been
stated this is not the ideal situation.
Patching the policy.conf is probably the best solution. Utilities to
read booleans probably usefull here.
Dan
[-- Attachment #2: policycoreutils-rhat.patch --]
[-- Type: text/x-patch, Size: 2629 bytes --]
--- policycoreutils-1.15.3/scripts/genhomedircon.rhat 2004-07-29 16:26:01.000000000 -0400
+++ policycoreutils-1.15.3/scripts/genhomedircon 2004-08-05 09:41:35.553364941 -0400
@@ -83,7 +83,7 @@
if rc[0] == 0:
print rc[1]
else:
- errorExit(join("grep/sed error ", rc[1]))
+ errorExit(string.join("grep/sed error ", rc[1]))
return rc
try:
@@ -128,7 +128,7 @@
if rc[0] == 0:
print rc[1]
else:
- errorExit(join("sed error ", rc[1]))
+ errorExit(string.join("sed error ", rc[1]))
users = getUsers()
print "\n#\n# User-specific file contexts\n#\n"
@@ -137,6 +137,6 @@
for u in users.keys():
update(sys.argv[2], u, users[u])
except ValueError, error:
- errorExit(join("ValueError ", error))
+ errorExit(strin.join("ValueError ", error))
except IndexError, error:
errorExit("IndexError")
--- policycoreutils-1.15.3/load_policy/load_policy.c.rhat 2004-08-05 09:41:55.250910627 -0400
+++ policycoreutils-1.15.3/load_policy/load_policy.c 2004-08-05 09:41:59.879803864 -0400
@@ -10,11 +10,67 @@
#include <selinux/selinux.h>
#include <locale.h> /* for setlocale() */
#include <libintl.h> /* for gettext() */
+#include <ctype.h>
+
#define _(msgid) gettext (msgid)
#ifndef PACKAGE
#define PACKAGE "policycoreutils" /* the name of this package lang translation */
#endif
+#define BOOLEANS "booleans" /* booleans file */
+
+
+char *strtrim(char *dest, char *source, int size) {
+ int i=0;
+ char *ptr=source;
+ i=0;
+ while(isspace(*ptr) && i < size) {
+ ptr++;
+ i++;
+ }
+ strncpy(dest,ptr,size);
+ for(i=strlen(dest)-1; i> 0; i--) {
+ if (!isspace(dest[i])) break;
+ }
+ dest[i+1]='\0';
+ return dest;
+}
+
+int load_booleans(void) {
+ FILE *boolf;
+ char buffer[BUFSIZ];
+ char name[BUFSIZ];
+ char name1[BUFSIZ];
+ int val;
+ int errors=0;
+
+ snprintf(buffer,BUFSIZ, "%s/%s", selinux_policy_root(), BOOLEANS);
+ boolf = fopen(buffer,"r");
+ if (boolf == NULL)
+ return errors;
+
+ while (fgets(buffer, sizeof(buffer), boolf)) {
+ char *tok=strtok(buffer,"=");
+ if (tok) {
+ strncpy(name1,tok, BUFSIZ-1);
+ strtrim(name,name1,BUFSIZ-1);
+ if ( name[0]=='#' ) continue;
+ tok=strtok(NULL,tok);
+ if (tok) {
+ val=atoi(tok);
+ if (security_set_boolean(name, val)!=0) {
+ fprintf(stderr,"error setting boolean %s to value %d \n", name, val);
+ errors++;
+ }
+ }
+ }
+ }
+ fclose(boolf);
+
+ security_commit_booleans();
+
+ return errors;
+}
int main(int argc, char **argv)
{
int fd, ret;
@@ -55,5 +111,7 @@
fprintf(stderr, _("%s: security_load_policy failed\n"), argv[0]);
exit(3);
}
+ load_booleans();
+
exit(0);
}
next prev parent reply other threads:[~2004-08-05 13:45 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-04-13 13:59 Now that SELinux supports booleans should we replace tunables with booleans? Daniel J Walsh
2004-04-13 17:09 ` Chris PeBenito
2004-04-13 17:53 ` Tom Mitchell
2004-04-14 13:16 ` Karl MacMillan
2004-04-14 16:19 ` Russell Coker
2004-04-14 17:19 ` Karl MacMillan
2004-04-14 19:50 ` Valdis.Kletnieks
[not found] ` <407DF398.4010405@redhat.com>
2004-04-15 5:28 ` Russell Coker
2004-04-15 14:52 ` Valdis.Kletnieks
2004-04-14 19:58 ` James Morris
2004-04-14 20:19 ` James Morris
2004-04-21 16:05 ` Karl MacMillan
2004-04-13 23:17 ` Russell Coker
2004-04-14 13:11 ` Karl MacMillan
2004-04-14 13:30 ` Stephen Smalley
2004-04-14 14:10 ` Now that SELinux supports booleans should we replace tunableswith booleans? Karl MacMillan
2004-04-14 16:00 ` Russell Coker
2004-04-14 13:38 ` Now that SELinux supports booleans should we replace tunables with booleans? Russell Coker
2004-04-14 14:53 ` Karl MacMillan
2004-08-02 18:53 ` Stephen Smalley
2004-08-02 19:08 ` Stephen Smalley
2004-08-05 12:30 ` Stephen Smalley
2004-08-05 12:33 ` Stephen Smalley
2004-08-05 13:44 ` Daniel J Walsh [this message]
2004-08-06 14:04 ` Stephen Smalley
2004-08-06 15:57 ` Now that SELinux supports booleans should we replace tunableswith booleans? Karl MacMillan
2004-08-06 16:20 ` Stephen Smalley
2004-08-09 20:11 ` Stephen Smalley
2004-08-10 6:46 ` Russell Coker
2004-08-10 14:29 ` Karl MacMillan
2004-08-10 14:33 ` Daniel J Walsh
2004-08-10 14:47 ` Karl MacMillan
2004-08-10 14:43 ` Stephen Smalley
2004-08-10 17:06 ` Timothy Wood
2004-08-10 17:20 ` Stephen Smalley
2004-08-10 13:25 ` Daniel J Walsh
2004-08-06 14:02 ` Now that SELinux supports booleans should we replace tunables with booleans? Stephen Smalley
2004-08-06 14:20 ` Joshua Brindle
2004-08-06 14:28 ` Stephen Smalley
2004-08-06 14:38 ` Daniel J Walsh
2004-08-06 15:30 ` Stephen Smalley
2004-08-06 15:36 ` kmacmillan
2004-08-06 14:23 ` Stephen Smalley
2004-08-06 14:40 ` Daniel J Walsh
2004-08-06 15:02 ` Stephen Smalley
2004-08-23 19:33 ` Daniel J Walsh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=411239C9.4020505@redhat.com \
--to=dwalsh@redhat.com \
--cc=russell@coker.com.au \
--cc=sds@epoch.ncsc.mil \
--cc=selinux-dev@tresys.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.