From: Darrel Goeddel <dgoeddel@TrustedCS.com>
To: Stephen Smalley <sds@epoch.ncsc.mil>
Cc: Daniel J Walsh <dwalsh@redhat.com>,
James Morris <jmorris@redhat.com>,
SE Linux <selinux@tycho.nsa.gov>
Subject: Re: libselinux category patch
Date: Wed, 24 Aug 2005 09:19:55 -0500 [thread overview]
Message-ID: <430C820B.3090905@trustedcs.com> (raw)
In-Reply-To: <1124804758.7874.46.camel@moss-spartans.epoch.ncsc.mil>
Stephen Smalley wrote:
> On Mon, 2005-08-22 at 16:21 -0400, Daniel J Walsh wrote:
>>I am attaching the translation library code I am going to throw in for
>>MCS handling. Basically translates
>>c1=PatientRecord
>>I have called the file /etc/secat.conf, tried to put it in
>>/etc/selinux/secat.conf, but suddenly lots of domains wanted to read
>>selinux_config_t files.
>
> - Putting it directly under /etc makes it harder to protect differently
> than any other top-level /etc file. On the other hand, it is very much
> like a passwd file lookup for mapping uids to usernames for e.g. ls, ps,
> and friends.
> - Placing it outside of /etc/selinux makes sense if it is not considered
> part of the SELinux policy, and is consistent with the ultimate goal of
> being able to manage it via LDAP or similar means. But it does raise
> the question of what owns this file, and how it gets set up initially,
> e.g. one might want different default for MCS vs. MLS.
>
We (TCS) are including the label translation files under /etc/selinux
(protected at system high as selinux_config_t) because we view this as part of
the SELinux configuration. This works for us because we have a daemon which is
the single user of this file other than the security admin. Our libsetrans is
simply a communication library to the daemon. If the file is read directly by
users of libselinux, it needs to be protected in such a way that everyone who
can make a call into libselinux can read the file. Note that we have a similar
issue regarding users of libselinux - they must be able to contact the daemon.
We have created a policy macro for things that use our daemon via libselinux.
Perhaps we should introduce an attribute that identifies users of libselinux.
This attribute can then be used to grant read access to the config file in
RedHat's case and access to the daemon in our case.
Any thoughts on that? Maybe 'privsetrans'?
--
Darrel
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2005-08-24 14:28 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-08-22 20:21 libselinux category patch Daniel J Walsh
2005-08-23 13:45 ` Stephen Smalley
2005-08-24 14:19 ` Darrel Goeddel [this message]
2005-08-24 14:34 ` Stephen Smalley
2005-08-23 14:06 ` Joshua Brindle
2005-08-23 14:18 ` Daniel J Walsh
2005-08-23 14:50 ` Stephen Smalley
2005-08-23 15:11 ` Daniel J Walsh
2005-08-23 16:15 ` Stephen Smalley
2005-08-24 14:34 ` Darrel Goeddel
2005-08-24 14:39 ` Joshua Brindle
2005-08-23 14:27 ` Stephen Smalley
2005-08-23 15:02 ` Daniel J Walsh
2005-08-23 15:04 ` Stephen Smalley
2005-08-24 14:48 ` Darrel Goeddel
2005-08-24 14:49 ` Stephen Smalley
2005-08-23 16:52 ` Stephen Smalley
2005-08-23 17:21 ` Stephen Smalley
2005-08-23 18:03 ` Stephen Smalley
2005-08-23 18:10 ` Stephen Smalley
2005-08-24 13:27 ` Daniel J Walsh
2005-08-24 14:13 ` Stephen Smalley
2005-08-24 14:24 ` Daniel J Walsh
2005-08-24 14:50 ` Ok I plead ignorance to the way MLS works Daniel J Walsh
2005-08-24 16:44 ` Darrel Goeddel
2005-08-24 16:56 ` Stephen Smalley
2005-08-24 17:27 ` Daniel J Walsh
2005-08-24 17:40 ` Stephen Smalley
2005-08-24 19:14 ` James Morris
2005-08-24 19:36 ` libselinux category patch Stephen Smalley
2005-08-23 17:54 ` Daniel J Walsh
2005-08-25 14:19 ` Stephen Smalley
-- strict thread matches above, loose matches on Subject: below --
2005-08-24 20:18 Chad Hanson
2005-08-25 14:56 ` Stephen Smalley
2005-08-25 20:43 Chad Hanson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=430C820B.3090905@trustedcs.com \
--to=dgoeddel@trustedcs.com \
--cc=dwalsh@redhat.com \
--cc=jmorris@redhat.com \
--cc=sds@epoch.ncsc.mil \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.