* Re: role infrastructure [not found] <1152106918.8907.28.camel@sgc> @ 2006-07-11 13:37 ` Daniel J Walsh 2006-07-14 13:17 ` Christopher J. PeBenito 0 siblings, 1 reply; 3+ messages in thread From: Daniel J Walsh @ 2006-07-11 13:37 UTC (permalink / raw) To: Christopher J. PeBenito, SE Linux Bringing this out for full discussion. Christopher J. PeBenito wrote: > Dan, can you give me a run down of: > > 1. how you want to be able to configure user roles > 2. things that fc/rhel users request for user role customization > Good question I think this is more a brain storming exercise, which I don't necessarily have the knowledge or experience to answer. What I have heard is for Sarbanes Oxley, groups want to be allowed to have administrators that can get root privs in order to configure certain facets of the system, but not full control. So you could imagine a webadmin, nameserveradmin, dhcpadmin as examples. Then I believe they would like to use dominance in some way to group them. netadmin = { nameserveradmin dhcpadmin }. My idea is that we give these administrators full control over the types defined for these domains, and allow them to use all of the standard tools for configuring (vi, emacs, basically anything labeled bin_t.) To make this useful in a Targeted policy system, we might do something to sudo to get a transition to happen. So dwalsh can run a root shell but only in the webadm_r unconfined_t would transition to webadm_r. Thoughts? Dan -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: role infrastructure 2006-07-11 13:37 ` role infrastructure Daniel J Walsh @ 2006-07-14 13:17 ` Christopher J. PeBenito 2006-07-14 17:13 ` Daniel J Walsh 0 siblings, 1 reply; 3+ messages in thread From: Christopher J. PeBenito @ 2006-07-14 13:17 UTC (permalink / raw) To: Daniel J Walsh; +Cc: SE Linux On Tue, 2006-07-11 at 09:37 -0400, Daniel J Walsh wrote: > Bringing this out for full discussion. > > Christopher J. PeBenito wrote: > > Dan, can you give me a run down of: > > > > 1. how you want to be able to configure user roles > > 2. things that fc/rhel users request for user role customization > > > Good question I think this is more a brain storming exercise, which I > don't necessarily have the knowledge or > experience to answer. > > What I have heard is for Sarbanes Oxley, groups want to be allowed to > have administrators that can get root privs in order to > configure certain facets of the system, but not full control. > > So you could imagine a webadmin, nameserveradmin, dhcpadmin as > examples. Then I believe they would like to use > dominance in some way to group them. netadmin = { nameserveradmin > dhcpadmin }. > > My idea is that we give these administrators full control over the types > defined for these domains, and allow them to use all of the > standard tools for configuring (vi, emacs, basically anything labeled > bin_t.) > > To make this useful in a Targeted policy system, we might do something > to sudo to get a transition to happen. > > So dwalsh can run a root shell but only in the webadm_r unconfined_t > would transition to webadm_r. So this looks like the main goal of these examples is finer-grained admin users, which makes sense. What I'd like to do is go one step farther and make it possible to compose the roles more easily, making it possible to have unprivileged users that have less access than the current user_t. If you look at the userdomain.if in the role-infra branch, you can see that I started to break down the user domains into logical blocks so they can be more easily composed. Note, the names on these templates are just temporary, and will be changed in the future. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: role infrastructure 2006-07-14 13:17 ` Christopher J. PeBenito @ 2006-07-14 17:13 ` Daniel J Walsh 0 siblings, 0 replies; 3+ messages in thread From: Daniel J Walsh @ 2006-07-14 17:13 UTC (permalink / raw) To: Christopher J. PeBenito; +Cc: SE Linux Christopher J. PeBenito wrote: > On Tue, 2006-07-11 at 09:37 -0400, Daniel J Walsh wrote: > >> Bringing this out for full discussion. >> >> Christopher J. PeBenito wrote: >> >>> Dan, can you give me a run down of: >>> >>> 1. how you want to be able to configure user roles >>> 2. things that fc/rhel users request for user role customization >>> >>> >> Good question I think this is more a brain storming exercise, which I >> don't necessarily have the knowledge or >> experience to answer. >> >> What I have heard is for Sarbanes Oxley, groups want to be allowed to >> have administrators that can get root privs in order to >> configure certain facets of the system, but not full control. >> >> So you could imagine a webadmin, nameserveradmin, dhcpadmin as >> examples. Then I believe they would like to use >> dominance in some way to group them. netadmin = { nameserveradmin >> dhcpadmin }. >> >> My idea is that we give these administrators full control over the types >> defined for these domains, and allow them to use all of the >> standard tools for configuring (vi, emacs, basically anything labeled >> bin_t.) >> >> To make this useful in a Targeted policy system, we might do something >> to sudo to get a transition to happen. >> >> So dwalsh can run a root shell but only in the webadm_r unconfined_t >> would transition to webadm_r. >> > > So this looks like the main goal of these examples is finer-grained > admin users, which makes sense. exactly > What I'd like to do is go one step > farther and make it possible to compose the roles more easily, making it > possible to have unprivileged users that have less access than the > current user_t. I agree. I would like to get to the point where in targeted policy we could allow people to turn on mozilla/thunderbird policy via a boolean. So someone building a kiosk could run a locked down version of thunderbird without requiring the pain of strict policy. But I digress. > If you look at the userdomain.if in the role-infra > branch, you can see that I started to break down the user domains into > logical blocks so they can be more easily composed. Note, the names on > these templates are just temporary, and will be changed in the future. > > Yes that is a step in the right direction. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2006-07-14 17:12 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <1152106918.8907.28.camel@sgc>
2006-07-11 13:37 ` role infrastructure Daniel J Walsh
2006-07-14 13:17 ` Christopher J. PeBenito
2006-07-14 17:13 ` Daniel J Walsh
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.