* Latest Diffs 11/29
From: Daniel J Walsh @ 2006-11-29 22:06 UTC (permalink / raw)
To: Christopher J. PeBenito, SE Linux
http://people.redhat.com/dwalsh/SELinux/diff
new booleans
prelink needs to manage execs created by amanda
amanda wants netlink_route
hal execs grub with a redirection of stdout, stderr
firstboot_write_pipes should be rw_pipes
logwatch wants to search sysfs
prelink wants to read symlinks
quota fixes for MLS
rpm execs prelink
rpm dbus chats with hal
Remove a bunch of cruft under TODO in rpm.
groupadd and useradd ask for sys_tty_config, work fine without it.
Why is loadkeys built this way? Trying this interface blew up in
targeted policy.
slocate fix for MLS
I think the hi_reserved_port_t change is good.
A few new devices and a change for MLS
We have a goal in RHEL 5 to eliminate all avc, so bogus ones caused by
xsession-errors should be dontaudited.
Fixes for mount commands
Fixes for polyinstantiated needs rmdir
new interfaces for quota
Need fs_associate_noxattr(noxattrfs)
Xen has new tty_device_t xvc
new cache directory for apache
Lots of fixes for apache.
Avahi has a unix_stream_socket that nsswitch uses
new named_conf_t file
clamd wants to read kernel sysctl
Cron handling of keyring
Cups changes for MLS
dbus dir mounted on named chroot, causes problems with tools checking
file context.
ftpd wants to update utmp file
hal has a new writable directory /var/lib/hal
Add ocsp port and allow kerberos to communicate with it.
Lots of fixes for kerberos
update mta.if to eliminate avc message on mqueue_spool_t
ypxfr has moved and needs policy fixes
Don't want to dontaudit searches of var_yp_t so setroubleshoot will work
correctly.
Oddjob needs to signal itself.
postfix uses uucp, and cyrus
procmail on cifs and nfs
gssd needs to getsched
samba interfaces need to be able to search_dir_perms on samba_etc_t
nmbd_t needs to be able to unlink log files
Fixes for swat
snmp wants to getattr additional places
spamd causes random avc messages on connecting to ports used by other apps
telnetd wants to look at netlink_route
tftpd uses ypbind
Added policy for uux
mkswap should not be fsadm_exec_t, it is SELinux aware.
xen execs hostname which causes avc when hostname tries to append to xen
log files
init needs to exec initrc_exec_t when going to single user mode
more textrel_shlib_t changes
I have removed some hide_broken_symptoms thinking they are all fixed,
but do you want these around for RHEL4?
var_log_t is sometimes a mount point
lvm has a new directory /var/lib/multipath
clvmd needs lots of additional access.
locale files in /usr/share/X11/locale
depmod deletes kernel modules
mount wants to read netlink_route
mount commands sometimes execs other mount commands
allow mount to mounton any directory controlled by boolean
allow mount to bind mount any file controlled by boolean
mdadm creates fixed disks
Added policy for system-config-selinux, basically a superset of
semanage_t, currently unconfined, but need transition rules to maintain
context in /etc/selinux/TYPE directories.
Additional rules to get load_policy to work with MLS
Fix RealPlayer file specification, additional unconfined_execmem_exec_t
domains.
Missing gen_require from userdomain.if
Change home_dir_t:dir search to search_dir_perms
Allow secadm to read audit_config,
secadm needs to run aide.
xen fixes, new images directory
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
* Re: Latest Diffs 11/29
From: Christopher J. PeBenito @ 2006-12-04 20:26 UTC (permalink / raw)
To: Daniel J Walsh; +Cc: SE Linux
On Wed, 2006-11-29 at 17:06 -0500, Daniel J Walsh wrote:
> Why is loadkeys built this way? Trying this interface blew up in
> targeted policy.
I cannot reproduce this.
> I think the hi_reserved_port_t change is good.
It's close, I think we need to think about changing the "rpc ports"
concept, since it doesn't seem limited to just rpc.
> Fixes for polyinstantiated needs rmdir
Need more explanation for login programs adding and removing user home
directories for polyinstantiation.
> Cups changes for MLS
I don't agree with the cupsd file change, the binary itself isn't
sensitive. Reordered other changes.
> ypxfr has moved and needs policy fixes
Kept the bin search perms for compat.
> Don't want to dontaudit searches of var_yp_t so setroubleshoot will work
> correctly.
> nmbd_t needs to be able to unlink log files
Why? This would be a bad thing, IMO.
> Fixes for swat
Changing the log access to write? Also seems like a bad thing, though
not quite as bad since it's an admin tool.
> tftpd uses ypbind
made this optional
> mkswap should not be fsadm_exec_t, it is SELinux aware.
Why is mkswap aware? Why would it not be fsadm_exec_t, it will still
have to write to the fixed disk device.
> I have removed some hide_broken_symptoms thinking they are all fixed,
> but do you want these around for RHEL4?
Yes.
> depmod deletes kernel modules
Why?
> Added policy for system-config-selinux, basically a superset of
> semanage_t, currently unconfined, but need transition rules to maintain
> context in /etc/selinux/TYPE directories.
Need explanation for changes to manage_default_contexts and
manage_selinux_config.
Why are init scripts running setsebool?
Dropping semanage_gui_t, as it's not upstream. Selinuxutil should only
be checkpolicy and policycoreutils programs.
I don't think newrole should use the login program interface.
Why do you have setfiles exec'ing init scripts?
> Additional rules to get load_policy to work with MLS
Need more clarification on this one.
> Fix RealPlayer file specification, additional unconfined_execmem_exec_t
> domains.
Just like with mplayer, we want vmware executables labeled in the vmware
module.
> xen fixes, new images directory
Why is this needed:
+ allow $1 xdm_xserver_t:process siginh;
Can you elaborate as to why multipath (dm/lvm) needs net_admin? A
cursory look through the docs doesn't mention the network at all.
Changed printk_device_t to kmsg_device_t.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
* Re: Latest Diffs 11/29
From: Daniel J Walsh @ 2006-12-04 20:59 UTC (permalink / raw)
To: Christopher J. PeBenito; +Cc: SE Linux
Christopher J. PeBenito wrote:
> On Wed, 2006-11-29 at 17:06 -0500, Daniel J Walsh wrote:
>> Why is loadkeys built this way? Trying this interface blew up in
>> targeted policy.
>
> I cannot reproduce this.
>
The interface blew up when trying to be used in a modular policy.
Basically I was experimenting with getting unconfined_t to transition to
user_mozilla_t.

>> I think the hi_reserved_port_t change is good.
>
> It's close, I think we need to think about changing the "rpc ports"
> concept, since it doesn't seem limited to just rpc.
>
>> Fixes for polyinstantiated needs rmdir
>
> Need more explanation for login programs adding and removing user home
> directories for polyinstantiation.
>
>> Cups changes for MLS
>
> I don't agree with the cupsd file change, the binary itself isn't
> sensitive. Reordered other changes.
>
>> ypxfr has moved and needs policy fixes
>
> Kept the bin search perms for compat.
>
>> Don't want to dontaudit searches of var_yp_t so setroubleshoot will work
>> correctly.
>
>> nmbd_t needs to be able to unlink log files
>
> Why? This would be a bad thing, IMO.
>
Agreed, but we break samba functionality. Maybe a boolean?

>> Fixes for swat
>
> Changing the log access to write? Also seems like a bad thing, though
> not quite as bad since it's an admin tool.
>
>> tftpd uses ypbind
>
> made this optional
>
>> mkswap should not be fsadm_exec_t, it is SELinux aware.
>
> Why is mkswap aware? Why would it not be fsadm_exec_t, it will still
> have to write to the fixed disk device.
>
Needs a new policy if you want. mkswap now labels file swapfile_t. Not
elegant but it works.

>> I have removed some hide_broken_symptoms thinking they are all fixed,
>> but do you want these around for RHEL4?
>
> Yes.
>
>> depmod deletes kernel modules
>
> Why?
>
>> Added policy for system-config-selinux, basically a superset of
>> semanage_t, currently unconfined, but need transition rules to maintain
>> context in /etc/selinux/TYPE directories.
>
> Need explanation for changes to manage_default_contexts and
> manage_selinux_config.
>
> Why are init scripts running setsebool?
>
ypbind start/stop turns on the boolean. Probably ok for targeted not
for other platforms.

> Dropping semanage_gui_t, as it's not upstream. Selinuxutil should only
> be checkpolicy and policycoreutils programs.
>
> I don't think newrole should use the login program interface.
>
> Why do you have setfiles exec'ing init scripts?
>
>> Additional rules to get load_policy to work with MLS
>
> Need more clarification on this one.
>
>> Fix RealPlayer file specification, additional unconfined_execmem_exec_t
>> domains.
>
> Just like with mplayer, we want vmware executables labeled in the vmware
> module.
>
>> xen fixes, new images directory
>
> Why is this needed:
> + allow $1 xdm_xserver_t:process siginh;
>
Needed to get transition for rhgb to xserver to work.

> Can you elaborate as to why multipath (dm/lvm) needs net_admin? A
> cursory look through the docs doesn't mention the network at all.
>
> Changed printk_device_t to kmsg_device_t.
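The "maybe a boolean?" answer for nmbd_t's log unlinking, and the boolean-controlled mount rules in the original list, both describe the same reference-policy pattern: an access that breaks an application when denied but widens a domain when granted is gated behind a tunable, so the shipped default stays tight and an administrator opts in deliberately. The snippet below is an added illustration of that pattern in refpolicy syntax; it is not code from this thread or from the refpolicy tree. nmbd_t, samba_log_t and the gen_tunable/tunable_policy macros are real refpolicy names, but the boolean name samba_nmbd_unlink_logs and the exact permission sets are assumptions chosen for the example.

```m4
## samba_nmbd_unlink_logs is a hypothetical boolean for this example;
## it is not a boolean shipped by refpolicy.
## <desc>
## <p>
## Allow nmbd to remove its own log files. Off by default so the
## Samba log directory stays append-only for the nmbd domain.
## </p>
## </desc>
gen_tunable(samba_nmbd_unlink_logs, false)

# Unconditional, least-privilege access: nmbd may list the log
# directory and append to existing log files, nothing more.
allow nmbd_t samba_log_t:dir list_dir_perms;
allow nmbd_t samba_log_t:file { append getattr open };

tunable_policy(`samba_nmbd_unlink_logs',`
	# Boolean on: permit removal, plus the directory write access
	# the kernel requires to drop an entry from the directory.
	allow nmbd_t samba_log_t:dir { remove_name write };
	allow nmbd_t samba_log_t:file unlink;
',`
	# Boolean off: the access is still denied, but the denial is not
	# logged, so a known, intentional refusal does not surface as a
	# bogus AVC the way the "eliminate all avc" goal above wants to avoid.
	dontaudit nmbd_t samba_log_t:dir { remove_name write };
	dontaudit nmbd_t samba_log_t:file unlink;
')
```

With the policy loaded, `setsebool -P samba_nmbd_unlink_logs on` turns the access on persistently and `getsebool samba_nmbd_unlink_logs` reports the current state. The dontaudit branch is the part to weigh carefully: it keeps the audit log quiet by design, so if log removal ever needs to be investigated on a host where the boolean is off, `semodule -DB` (disable dontaudit rules) has to be run first or the denial will never appear in the audit trail.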