Re: Added is_context_configurable function

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Daniel J Walsh <dwalsh@redhat.com>
To: Stephen Smalley <sds@epoch.ncsc.mil>
Cc: Colin Walters <walters@redhat.com>, SELinux <SELinux@tycho.nsa.gov>
Subject: Re: Added is_context_configurable function
Date: Wed, 12 Jan 2005 09:44:24 -0500	[thread overview]
Message-ID: <41E537C8.8060101@redhat.com> (raw)
In-Reply-To: <1105539555.22495.28.camel@moss-spartans.epoch.ncsc.mil>

Stephen Smalley wrote:

>On Tue, 2005-01-11 at 17:10, Colin Walters wrote:
>  
>
>>I've said this before, but I don't like the idea of having to edit
>>file_contexts whenever I want to change the labels.  I feel that the 
>>on-disk version should be canonical, and the file_contexts only used for
>>system initialization.
>>    
>>
>
>That is also my view.  However, if people are going to run setfiles or
>restorecon at runtime to check or set contexts (which is current
>practice in Fedora), then we do need a way to distinguish legitimate
>customizations from what are essentially bugs in the policy (e.g. lack
>of a file type transition rule) or applications (e.g. failure to
>preserve or set context on a file where file type transition rules are
>insufficient).  The file contexts configuration seemed like a reasonable
>way to capture that distinction to me.  Two questions:
>1) Is it sufficient to identify legitimate customizations based solely
>on the TE type of the file?  If not, what other information should be
>taken into account, irrespective of whether this is done via
>file_contexts or via a different config file?
>  
>
I think we can somewhat do that now.  I am not looking at the ability to 
put general
files in random location, just based off the wim of the Administrator.  
IE putting
/var/named some where else is not what we are considering, in this case 
a secondary
file_context.local file should be required.  But the usual case of 
labeling file for sharing
IE samba_share_t, http*, ftp_anon_t.  These will be come common, and the 
admin should not
be required to update file_context in this case.  (We had considered 
calling them sharables)

>2) Is it feasible for the policy writer to identify all such TE types a
>priori in the policy without covering such a large set as to make
>setfiles/restorecon completely useless by default? If not, what
>mechanism will be provided to allow users/admins to easily mark
>additional types without conflicting with future policy updates?
>
>  
>
I believe so as long as we confine it to shareable types of context, not 
files that have standard locations,
that an admin might decide to change.




--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

next prev parent reply	other threads:[~2005-01-12 14:44 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-01-10 22:17 Added is_context_configurable function Daniel J Walsh
2005-01-11 15:22 ` Stephen Smalley
2005-01-11 16:12   ` Daniel J Walsh
2005-01-11 20:00     ` Stephen Smalley
2005-01-11 20:31       ` Daniel J Walsh
2005-01-11 20:35         ` Stephen Smalley
2005-01-11 20:58           ` Daniel J Walsh
2005-01-11 22:25             ` Colin Walters
2005-01-11 22:10       ` Colin Walters
2005-01-12  0:19         ` Casey Schaufler
2005-01-12 14:19         ` Stephen Smalley
2005-01-12 14:44           ` Daniel J Walsh [this message]
2005-01-12 15:37           ` Daniel J Walsh
2005-01-20 15:29             ` Stephen Smalley
2005-01-12 15:39           ` Daniel J Walsh
2005-01-20 15:32             ` Stephen Smalley
2005-01-12 15:48           ` Colin Walters
2005-01-12 22:09             ` Stephen Smalley
2005-01-13  3:52               ` Colin Walters
2005-01-13 14:55                 ` Daniel J Walsh
2005-01-13 15:53                   ` Colin Walters
2005-01-13 16:01                     ` Daniel J Walsh
2005-01-13 14:57               ` Daniel J Walsh
2005-01-12 18:19           ` Luke Kenneth Casson Leighton
2005-01-12 18:15             ` Colin Walters

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=41E537C8.8060101@redhat.com \
    --to=dwalsh@redhat.com \
    --cc=SELinux@tycho.nsa.gov \
    --cc=sds@epoch.ncsc.mil \
    --cc=walters@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.