* fsdaemon writes files/disks at different levels, Needs write down.
@ 2007-05-30 14:22 dwalsh
  2007-06-11 15:25 ` Christopher J. PeBenito
  0 siblings, 1 reply; 6+ messages in thread
From: dwalsh @ 2007-05-30 14:22 UTC (permalink / raw)
  To: cpebenito; +Cc: selinux

--- nsaserefpolicy/policy/modules/services/smartmon.te	2007-05-29 14:10:57.000000000 -0400
+++ serefpolicy-3.0.1/policy/modules/services/smartmon.te	2007-05-30 09:08:15.000000000 -0400
@@ -60,6 +60,7 @@
 fs_search_auto_mountpoints(fsdaemon_t)
 
 mls_file_read_up(fsdaemon_t)
+mls_file_write_down(fsdaemon_t)
 
 storage_raw_read_fixed_disk(fsdaemon_t)
 storage_raw_write_fixed_disk(fsdaemon_t)
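
Review bot: the added mls_file_write_down(fsdaemon_t) sits directly under mls_file_read_up(fsdaemon_t), so after this hunk fsdaemon_t is exempt from both the read-up and write-down file constraints while also holding storage_raw_read_fixed_disk and storage_raw_write_fixed_disk. That makes the domain a path from any level to any lower level. If only one object is below the daemon's level, labeling that object at the daemon's level would be narrower than a blanket write-down exemption.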

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.


* Re: fsdaemon writes files/disks at different levels, Needs write down.
  2007-05-30 14:22 fsdaemon writes files/disks at different levels, Needs write down dwalsh
@ 2007-06-11 15:25 ` Christopher J. PeBenito
  2007-06-11 16:50   ` Daniel J Walsh
  0 siblings, 1 reply; 6+ messages in thread
From: Christopher J. PeBenito @ 2007-06-11 15:25 UTC (permalink / raw)
  To: dwalsh; +Cc: selinux

On Wed, 2007-05-30 at 10:22 -0400, dwalsh@redhat.com wrote:
> --- nsaserefpolicy/policy/modules/services/smartmon.te	2007-05-29 14:10:57.000000000 -0400
> +++ serefpolicy-3.0.1/policy/modules/services/smartmon.te	2007-05-30 09:08:15.000000000 -0400
> @@ -60,6 +60,7 @@
>  fs_search_auto_mountpoints(fsdaemon_t)
>  
>  mls_file_read_up(fsdaemon_t)
> +mls_file_write_down(fsdaemon_t)
>  
>  storage_raw_read_fixed_disk(fsdaemon_t)
>  storage_raw_write_fixed_disk(fsdaemon_t)
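
Review bot: the new mls_file_write_down(fsdaemon_t) line carries no comment in smartmon.te, and the subject line ("writes files/disks at different levels") does not name the object being written. A one-line comment above the call stating which file or device needs it would let a later reader judge whether the exemption can be dropped.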

Looks to me that all of the devices smartmon should care about
(fixed_disk_device_t) are all system high, so I'm not sure why this is
needed.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150



* Re: fsdaemon writes files/disks at different levels, Needs write down.
  2007-06-11 15:25 ` Christopher J. PeBenito
@ 2007-06-11 16:50   ` Daniel J Walsh
  2007-06-11 17:10     ` Christopher J. PeBenito
  0 siblings, 1 reply; 6+ messages in thread
From: Daniel J Walsh @ 2007-06-11 16:50 UTC (permalink / raw)
  To: Christopher J. PeBenito; +Cc: selinux

Christopher J. PeBenito wrote:
> On Wed, 2007-05-30 at 10:22 -0400, dwalsh@redhat.com wrote:
>   
>> --- nsaserefpolicy/policy/modules/services/smartmon.te	2007-05-29 14:10:57.000000000 -0400
>> +++ serefpolicy-3.0.1/policy/modules/services/smartmon.te	2007-05-30 09:08:15.000000000 -0400
>> @@ -60,6 +60,7 @@
>>  fs_search_auto_mountpoints(fsdaemon_t)
>>  
>>  mls_file_read_up(fsdaemon_t)
>> +mls_file_write_down(fsdaemon_t)
>>  
>>  storage_raw_read_fixed_disk(fsdaemon_t)
>>  storage_raw_write_fixed_disk(fsdaemon_t)
>>     
>
> Looks to me that all of the devices smartmon should care about
> (fixed_disk_device_t) are all system high, so I'm not sure why this is
> needed.
>
>   
Writing its pid file?


* Re: fsdaemon writes files/disks at different levels, Needs write down.
  2007-06-11 16:50   ` Daniel J Walsh
@ 2007-06-11 17:10     ` Christopher J. PeBenito
  2007-06-11 17:18       ` Daniel J Walsh
  0 siblings, 1 reply; 6+ messages in thread
From: Christopher J. PeBenito @ 2007-06-11 17:10 UTC (permalink / raw)
  To: Daniel J Walsh; +Cc: selinux

On Mon, 2007-06-11 at 12:50 -0400, Daniel J Walsh wrote:
> Christopher J. PeBenito wrote:
> > On Wed, 2007-05-30 at 10:22 -0400, dwalsh@redhat.com wrote:
> >   
> >> --- nsaserefpolicy/policy/modules/services/smartmon.te	2007-05-29 14:10:57.000000000 -0400
> >> +++ serefpolicy-3.0.1/policy/modules/services/smartmon.te	2007-05-30 09:08:15.000000000 -0400
> >> @@ -60,6 +60,7 @@
> >>  fs_search_auto_mountpoints(fsdaemon_t)
> >>  
> >>  mls_file_read_up(fsdaemon_t)
> >> +mls_file_write_down(fsdaemon_t)
> >>  
> >>  storage_raw_read_fixed_disk(fsdaemon_t)
> >>  storage_raw_write_fixed_disk(fsdaemon_t)
> >>     
> >
> > Looks to me that all of the devices smartmon should care about
> > (fixed_disk_device_t) are all system high, so I'm not sure why this is
> > needed.
> >
> >   
> Writing its pid file?

Perhaps the pid file should be systemhigh too.  It might be only the pid
number in the file, but do we want to trust it to write down when it has
raw disk access?

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150



* Re: fsdaemon writes files/disks at different levels, Needs write down.
  2007-06-11 17:10     ` Christopher J. PeBenito
@ 2007-06-11 17:18       ` Daniel J Walsh
  2007-06-12 13:04         ` Christopher J. PeBenito
  0 siblings, 1 reply; 6+ messages in thread
From: Daniel J Walsh @ 2007-06-11 17:18 UTC (permalink / raw)
  To: Christopher J. PeBenito; +Cc: selinux

Christopher J. PeBenito wrote:
> On Mon, 2007-06-11 at 12:50 -0400, Daniel J Walsh wrote:
>   
>> Christopher J. PeBenito wrote:
>>     
>>> On Wed, 2007-05-30 at 10:22 -0400, dwalsh@redhat.com wrote:
>>>   
>>>       
>>>> --- nsaserefpolicy/policy/modules/services/smartmon.te	2007-05-29 14:10:57.000000000 -0400
>>>> +++ serefpolicy-3.0.1/policy/modules/services/smartmon.te	2007-05-30 09:08:15.000000000 -0400
>>>> @@ -60,6 +60,7 @@
>>>>  fs_search_auto_mountpoints(fsdaemon_t)
>>>>  
>>>>  mls_file_read_up(fsdaemon_t)
>>>> +mls_file_write_down(fsdaemon_t)
>>>>  
>>>>  storage_raw_read_fixed_disk(fsdaemon_t)
>>>>  storage_raw_write_fixed_disk(fsdaemon_t)
>>>>     
>>>>         
>>> Looks to me that all of the devices smartmon should care about
>>> (fixed_disk_device_t) are all system high, so I'm not sure why this is
>>> needed.
>>>
>>>   
>>>       
>> Writing its pid file?
>>     
>
> Perhaps the pid file should be systemhigh too.  It might be only the pid
> number in the file, but do we want to trust it write down when it has
> raw disk access?
>
>   
This is why I hate MLS :^(

The only files in /var/run that are SystemHigh right now are:

/var/run/setrans(/.*)?       gen_context(system_u:object_r:setrans_var_run_t,mls_systemhigh)





* Re: fsdaemon writes files/disks at different levels, Needs write down.
  2007-06-11 17:18       ` Daniel J Walsh
@ 2007-06-12 13:04         ` Christopher J. PeBenito
  0 siblings, 0 replies; 6+ messages in thread
From: Christopher J. PeBenito @ 2007-06-12 13:04 UTC (permalink / raw)
  To: Daniel J Walsh; +Cc: selinux

On Mon, 2007-06-11 at 13:18 -0400, Daniel J Walsh wrote:
> Christopher J. PeBenito wrote:
> > On Mon, 2007-06-11 at 12:50 -0400, Daniel J Walsh wrote:
> >   
> >> Christopher J. PeBenito wrote:
> >>     
> >>> On Wed, 2007-05-30 at 10:22 -0400, dwalsh@redhat.com wrote:
> >>>   
> >>>       
> >>>> --- nsaserefpolicy/policy/modules/services/smartmon.te	2007-05-29 14:10:57.000000000 -0400
> >>>> +++ serefpolicy-3.0.1/policy/modules/services/smartmon.te	2007-05-30 09:08:15.000000000 -0400
> >>>> @@ -60,6 +60,7 @@
> >>>>  fs_search_auto_mountpoints(fsdaemon_t)
> >>>>  
> >>>>  mls_file_read_up(fsdaemon_t)
> >>>> +mls_file_write_down(fsdaemon_t)
> >>>>  
> >>>>  storage_raw_read_fixed_disk(fsdaemon_t)
> >>>>  storage_raw_write_fixed_disk(fsdaemon_t)
> >>>>     
> >>>>         
> >>> Looks to me that all of the devices smartmon should care about
> >>> (fixed_disk_device_t) are all system high, so I'm not sure why this is
> >>> needed.
> >>>
> >>>   
> >>>       
> >> Writing its pid file?
> >>     
> >
> > Perhaps the pid file should be systemhigh too.  It might be only the pid
> > number in the file, but do we want to trust it write down when it has
> > raw disk access?
> >
> >   
> This is why I hate MLS :^(
> 
> The only files in /var/run that are SystemHigh right now are.
> 
> /var/run/setrans(/.*)?       
> gen_context(system_u:object_r:setrans_var_run_t,mls_systemhigh)

It still seems like the right course of action; I'm open to comment from
the MLS guys either way.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

