From: Joshua Brindle <method@manicmethod.com>
To: SE Linux <selinux@tycho.nsa.gov>
Cc: Stephen Smalley <sds@tycho.nsa.gov>,
	Karl MacMillan <kmacmillan@mentalrootkit.com>,
	"Christopher J. PeBenito" <cpebenito@tresys.com>
Subject: [rfc] refpolicy user based separation
Date: Fri, 13 Jun 2008 11:12:49 -0400
Message-ID: <48528E71.3000301@manicmethod.com>

With the role based separation work being done an alternate idea was brought up here. Rather than going through the pain required for role based separation (kernel patches, policy format changes, incompatibility with older distros, long term refpolicy branch) we could do user based separation.

The work done on refpolicy to merge derived types is still necessary, and much of that work has been done. It just means that rather than separating user home dirs and user processes based on the role field it will be done on the user field. We believe that no kernel patches or format changes are necessary to do this.

Some advantages include less work, of course. No incompatibility with older distros (e.g., trunk refpolicy will still be usable on RHEL4/5). Some disadvantages are less flexibility and more difficulty separating roles given to the same user (TE policy with derived types would be necessary). It would be easy to use roles and users in a 1:1 mapping and force people to log out and back in to assume a new role, or to use sudo with context setting support (although that requires the SELinux user identity to be non-immutable, which some have objected to).

Some work would still need to be done in userspace, such as user attribute support in the module format and libsemanage, to be able to exempt separation for specific users.

Opinions?


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
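The following is an added illustration of what "separating on the user field" looks like in the policy language, so the proposal can be judged concretely. It is not code from this RFC or from refpolicy; the attribute name user_separated_type, the class and permission lists, and the typeattribute lines are assumptions made for the example. Since the policy language has no user attributes (the RFC notes that userspace support for them would still need to be written), the example exempts specific types via a type attribute instead, which is the mechanism available today.

```selinux
# Added illustrative policy fragment (not from the RFC or from refpolicy).
# Assumptions: types that should be kept apart by SELinux user carry the
# attribute user_separated_type; system and administrative types omit it and
# are therefore exempt. user_t and user_home_t are assumed to be declared
# elsewhere, as in refpolicy.

attribute user_separated_type;

# Files: a subject may only act on an object labelled with a different
# SELinux user when at least one side is a type exempt from separation.
# The expression must evaluate true for the access to be permitted.
constrain { file dir lnk_file sock_file fifo_file chr_file blk_file }
	{ create read write append unlink relabelto relabelfrom }
(
	u1 == u2
	or t1 != user_separated_type
	or t2 != user_separated_type
);

# Processes: signals and ptrace across SELinux users are likewise refused
# unless an exempt type is involved, which covers the sudo case the RFC
# mentions when the target domain is left out of the attribute.
constrain process { sigkill sigstop signal ptrace getattr }
(
	u1 == u2
	or t1 != user_separated_type
	or t2 != user_separated_type
);

# Opt the derived-type-free user domain and home directory type into
# separation; nothing else in the policy changes.
typeattribute user_t user_separated_type;
typeattribute user_home_t user_separated_type;
```

Because the check is on u1/u2 only, a user who holds two roles under the same SELinux identity can still reach the same home-directory files from either role, which is exactly the "less flexibility" trade-off the RFC describes; separating those roles would need additional TE rules on derived types.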

Thread overview: 12+ messages
2008-06-13 15:12 Joshua Brindle [this message]
2008-06-17 15:04 ` [rfc] refpolicy user based separation James Carter
2008-06-17 15:21   ` Joshua Brindle
2008-06-17 16:40     ` Stephen Smalley
2008-06-17 17:58       ` James Carter
2008-06-17 18:07         ` Stephen Smalley
2008-06-17 18:28           ` James Carter
2008-06-17 18:48             ` Stephen Smalley
2008-06-17 20:31               ` James Carter
2008-06-17 17:03     ` James Carter
2008-06-17 17:16       ` Joshua Brindle
2008-06-17 17:50         ` James Carter
