* [refpolicy] kernel_files.patch
@ 2009-03-04 21:24 Daniel J Walsh
0 siblings, 0 replies; 18+ messages in thread
From: Daniel J Walsh @ 2009-03-04 21:24 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_files.patch
Add a couple of file context
Fixes for lots of interfaces
Add files_relabel_all_file_type_fs To allow mounting filesystems with
different file context.
Add ability to delete file_t, sysadmin needs this to clean up badly labels.
Usually these are on /tmp
Fix delete usr_t
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkmu8ZgACgkQrlYvE4MpobMlRQCg0JrENfQE01qZW/vG9rr+wIE7
BNUAoKneZsDpeNrmN5n4kYzLV9mLWGy4
=j99y
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
@ 2010-08-26 22:47 Daniel J Walsh
0 siblings, 0 replies; 18+ messages in thread
From: Daniel J Walsh @ 2010-08-26 22:47 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F14/kernel_files.patch
Add system_conf_t for handling iptables/firewall tools.
Added /rhev directory
label /sys
other fixes
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkx27vwACgkQrlYvE4MpobPW6gCeM3UYco36GIT17Zae6x35rUC8
YOQAnR1Kr2gmS+JsV+JIIduwrdOo0iMg
=5bnh
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
@ 2010-06-02 20:22 Daniel J Walsh
2010-06-09 13:09 ` Christopher J. PeBenito
0 siblings, 1 reply; 18+ messages in thread
From: Daniel J Walsh @ 2010-06-02 20:22 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F14/kernel_files.patch
Files created in / I label as etc_runtime_t, we have never come up with
a better label.
Miroslav added system_conf_t so firewall apps could edit these files
Redhat does want /usr/local/src labeled src_t or /usr/src for that matter
Fix labels on chroot environments
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
2010-06-02 20:22 Daniel J Walsh
@ 2010-06-09 13:09 ` Christopher J. PeBenito
2010-06-09 19:10 ` Daniel J Walsh
0 siblings, 1 reply; 18+ messages in thread
From: Christopher J. PeBenito @ 2010-06-09 13:09 UTC (permalink / raw)
To: refpolicy
On Wed, 2010-06-02 at 16:22 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F14/kernel_files.patch
>
> Files created in / I label as etc_runtime_t, we have never come up with
> a better label.
I think that you couldn't come up with a better label because there is
no good label. There isn't a standard concept of what files created in
the root directory are.
> Miroslav added system_conf_t so firewall apps could edit these files
I'm still thinking about this one. It still seems weird, but I'm not
sure why.
> Redhat does want /usr/local/src labeled src_t or /usr/src for that matter
>
> Fix labels on chroot environments
Otherwise merged.
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
2010-06-09 13:09 ` Christopher J. PeBenito
@ 2010-06-09 19:10 ` Daniel J Walsh
0 siblings, 0 replies; 18+ messages in thread
From: Daniel J Walsh @ 2010-06-09 19:10 UTC (permalink / raw)
To: refpolicy
On 06/09/2010 09:09 AM, Christopher J. PeBenito wrote:
> On Wed, 2010-06-02 at 16:22 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F14/kernel_files.patch
>>
>> Files created in / I label as etc_runtime_t, we have never come up with
>> a better label.
>
> I think that you couldn't come up with a better label because there is
> no good label. There isn't a standard concept of what files created in
> the root directory are.
>
>> Miroslav added system_conf_t so firewall apps could edit these files
>
> I'm still thinking about this one. It still seems weird, but I'm not
> sure why.
>
>> Redhat does want /usr/local/src labeled src_t or /usr/src for that matter
>>
>> Fix labels on chroot environments
>
> Otherwise merged.
>
I figured out what the kernel_stream_connect was. Plymouthd runs in the
initrd and when xdm or boot is complete, It sends a message to tell the
plymouthd to stop running.
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
@ 2010-02-23 22:21 Daniel J Walsh
2010-03-04 19:08 ` Christopher J. PeBenito
0 siblings, 1 reply; 18+ messages in thread
From: Daniel J Walsh @ 2010-02-23 22:21 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F13/kernel_files.patch
New file context
Lots of new interfaces
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
2010-02-23 22:21 Daniel J Walsh
@ 2010-03-04 19:08 ` Christopher J. PeBenito
2010-03-04 19:17 ` Christopher J. PeBenito
2010-03-05 16:46 ` Daniel J Walsh
0 siblings, 2 replies; 18+ messages in thread
From: Christopher J. PeBenito @ 2010-03-04 19:08 UTC (permalink / raw)
To: refpolicy
On Tue, 2010-02-23 at 17:21 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F13/kernel_files.patch
>
> New file context
>
> Lots of new interfaces
* need explanation as to why boot_t would be a device node.
* need additional explanation as to the purpose of system_conf_t.
* the files_relabel_all_files() change is still rejected, since block
and chr files should have regular file types.
* the the files-delete_isid_type_files() additions need their own
interfaces instead.
* same thing for files_delete_usr_files()
* the files_read_usr_files() change is excessive
* files_search_var_log() is wrong, var_log_t doesn't belong to the files
module. There is already an equivalent interface in logging.
* the concept of files_dump_core() is wrong. Applications do core dumps
in the current directory, and services just happen to "cd /" at the
start. It doesn't make sense for other domains.
* files_create_default_dir() needs to be 2 interfaces.
* I don't even know what to make of files_boot().
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
2010-03-04 19:08 ` Christopher J. PeBenito
@ 2010-03-04 19:17 ` Christopher J. PeBenito
2010-03-05 16:46 ` Daniel J Walsh
1 sibling, 0 replies; 18+ messages in thread
From: Christopher J. PeBenito @ 2010-03-04 19:17 UTC (permalink / raw)
To: refpolicy
On Thu, 2010-03-04 at 14:08 -0500, Christopher J. PeBenito wrote:
> On Tue, 2010-02-23 at 17:21 -0500, Daniel J Walsh wrote:
> > http://people.fedoraproject.org/~dwalsh/SELinux/F13/kernel_files.patch
> >
> > New file context
> >
> > Lots of new interfaces
>
[...]
> * the files_relabel_all_files() change is still rejected, since block
> and chr files should have regular file types.
That is, they should *not* have regular file types.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
2010-03-04 19:08 ` Christopher J. PeBenito
2010-03-04 19:17 ` Christopher J. PeBenito
@ 2010-03-05 16:46 ` Daniel J Walsh
2010-03-05 17:12 ` Daniel J Walsh
2010-03-08 14:02 ` Christopher J. PeBenito
1 sibling, 2 replies; 18+ messages in thread
From: Daniel J Walsh @ 2010-03-05 16:46 UTC (permalink / raw)
To: refpolicy
On 03/04/2010 02:08 PM, Christopher J. PeBenito wrote:
> On Tue, 2010-02-23 at 17:21 -0500, Daniel J Walsh wrote:
>
>> http://people.fedoraproject.org/~dwalsh/SELinux/F13/kernel_files.patch
>>
>> New file context
>>
>> Lots of new interfaces
>>
> * need explanation as to why boot_t would be a device node.
>
I can't find why. Might be some bizarro ia64 type machine. I will
remove and see if it comes back
> * need additional explanation as to the purpose of system_conf_t.
>
Miroslav has this one. It has to do with system-config-firewall.
> * the files_relabel_all_files() change is still rejected, since block
> and chr files should have regular file types.
>
This one comes about because of mkinitd being run by rpm in post installs.
Which does not happen any longer but I do not see what the benifit of
turning this off.
We have several tools like mock, liveusb_creator, kernel make etc that
are going to create blk_files
and chr_files in places like /tmp that might run a cp -p or some other
tool that is going to try to relabel.
> * the the files-delete_isid_type_files() additions need their own
> interfaces instead.
>
Fixed
> * same thing for files_delete_usr_files()
>
Removed
> * the files_read_usr_files() change is excessive
>
Ok can we remove src_t altogether then. It just seems to cause bugs and
I see no reason for this label.
It's only reason for being is to create AVC messages.
./policy/modules/services/networkmanager.te:files_read_usr_src_files(NetworkManager_t)
./policy/modules/services/virt.te:files_read_usr_src_files(virtd_t)
./policy/modules/system/userdomain.if:
files_read_usr_src_files($1_usertype)
./policy/modules/system/userdomain.if: files_exec_usr_src_files($1_t)
./policy/modules/system/modutils.te:files_read_usr_src_files(depmod_t)
./policy/modules/system/modutils.te:
files_getattr_usr_src_files(update_modules_t)
./policy/modules/kernel/files.if: files_read_usr_src_files($1)
./policy/modules/kernel/files.if:interface(`files_getattr_usr_src_files',`
./policy/modules/kernel/files.if:interface(`files_read_usr_src_files',`
./policy/modules/kernel/files.if:interface(`files_exec_usr_src_files',`
./policy/modules/admin/bootloader.te:files_read_usr_src_files(bootloader_t)
./policy/modules/admin/portage.if: files_exec_usr_src_files($1)
Only one of these you might care about is portage.if, if that is the
case then I will eliminate the label from RedHat labeling.
> * files_search_var_log() is wrong, var_log_t doesn't belong to the files
> module. There is already an equivalent interface in logging.
>
Removed
> * the concept of files_dump_core() is wrong. Applications do core dumps
> in the current directory, and services just happen to "cd /" at the
> start. It doesn't make sense for other domains.
>
Fine I need a domain for creating files in the / directory which I can
then allow daemon to do.
Do you want to call this files_manage_root?
> * files_create_default_dir() needs to be 2 interfaces.
>
Added files_root_filetrans_default
> * I don't even know what to make of files_boot().
>
>
I think this is caused by early boot of the kernel, /dev/ gets labeled
boot_t until it gets relabeled in the initrc scripts. Might not exist
any longer with the move to dracut.
I will remove and see what happens.
Most people run an unconfined_domain(kernel_t) anyways.
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
2010-03-05 16:46 ` Daniel J Walsh
@ 2010-03-05 17:12 ` Daniel J Walsh
2010-03-08 11:26 ` Miroslav Grepl
2010-03-08 14:02 ` Christopher J. PeBenito
1 sibling, 1 reply; 18+ messages in thread
From: Daniel J Walsh @ 2010-03-05 17:12 UTC (permalink / raw)
To: refpolicy
On 03/05/2010 11:46 AM, Daniel J Walsh wrote:
> On 03/04/2010 02:08 PM, Christopher J. PeBenito wrote:
>
>> On Tue, 2010-02-23 at 17:21 -0500, Daniel J Walsh wrote:
>>
>>
>>> http://people.fedoraproject.org/~dwalsh/SELinux/F13/kernel_files.patch
>>>
>>> New file context
>>>
>>> Lots of new interfaces
>>>
>>>
>> * need explanation as to why boot_t would be a device node.
>>
>>
> I can't find why. Might be some bizarro ia64 type machine. I will
> remove and see if it comes back
>
>> * need additional explanation as to the purpose of system_conf_t.
>>
>>
> Miroslav has this one. It has to do with system-config-firewall.
>
>
>> * the files_relabel_all_files() change is still rejected, since block
>> and chr files should have regular file types.
>>
>>
> This one comes about because of mkinitd being run by rpm in post installs.
> Which does not happen any longer but I do not see what the benifit of
> turning this off.
> We have several tools like mock, liveusb_creator, kernel make etc that
> are going to create blk_files
> and chr_files in places like /tmp that might run a cp -p or some other
> tool that is going to try to relabel.
>
>
>> * the the files-delete_isid_type_files() additions need their own
>> interfaces instead.
>>
>>
> Fixed
>
>> * same thing for files_delete_usr_files()
>>
>>
> Removed
>
>> * the files_read_usr_files() change is excessive
>>
>>
> Ok can we remove src_t altogether then. It just seems to cause bugs and
> I see no reason for this label.
>
> It's only reason for being is to create AVC messages.
> ./policy/modules/services/networkmanager.te:files_read_usr_src_files(NetworkManager_t)
> ./policy/modules/services/virt.te:files_read_usr_src_files(virtd_t)
> ./policy/modules/system/userdomain.if:
> files_read_usr_src_files($1_usertype)
> ./policy/modules/system/userdomain.if: files_exec_usr_src_files($1_t)
> ./policy/modules/system/modutils.te:files_read_usr_src_files(depmod_t)
> ./policy/modules/system/modutils.te:
> files_getattr_usr_src_files(update_modules_t)
> ./policy/modules/kernel/files.if: files_read_usr_src_files($1)
> ./policy/modules/kernel/files.if:interface(`files_getattr_usr_src_files',`
> ./policy/modules/kernel/files.if:interface(`files_read_usr_src_files',`
> ./policy/modules/kernel/files.if:interface(`files_exec_usr_src_files',`
> ./policy/modules/admin/bootloader.te:files_read_usr_src_files(bootloader_t)
> ./policy/modules/admin/portage.if: files_exec_usr_src_files($1)
>
> Only one of these you might care about is portage.if, if that is the
> case then I will eliminate the label from RedHat labeling.
>
>
>> * files_search_var_log() is wrong, var_log_t doesn't belong to the files
>> module. There is already an equivalent interface in logging.
>>
>>
> Removed
>
>> * the concept of files_dump_core() is wrong. Applications do core dumps
>> in the current directory, and services just happen to "cd /" at the
>> start. It doesn't make sense for other domains.
>>
>>
> Fine I need a domain for creating files in the / directory which I can
> then allow daemon to do.
> Do you want to call this files_manage_root?
>
>
>> * files_create_default_dir() needs to be 2 interfaces.
>>
>>
> Added files_root_filetrans_default
>
>> * I don't even know what to make of files_boot().
>>
>>
>>
> I think this is caused by early boot of the kernel, /dev/ gets labeled
> boot_t until it gets relabeled in the initrc scripts. Might not exist
> any longer with the move to dracut.
>
> I will remove and see what happens.
>
> Most people run an unconfined_domain(kernel_t) anyways.
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
>
Is this more to your liking?
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: kernel_files.patch
Url: http://oss.tresys.com/pipermail/refpolicy/attachments/20100305/da553dc2/attachment-0001.pl
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
2010-03-05 17:12 ` Daniel J Walsh
@ 2010-03-08 11:26 ` Miroslav Grepl
0 siblings, 0 replies; 18+ messages in thread
From: Miroslav Grepl @ 2010-03-08 11:26 UTC (permalink / raw)
To: refpolicy
On 03/05/2010 06:12 PM, Daniel J Walsh wrote:
> On 03/05/2010 11:46 AM, Daniel J Walsh wrote:
>> On 03/04/2010 02:08 PM, Christopher J. PeBenito wrote:
>>> On Tue, 2010-02-23 at 17:21 -0500, Daniel J Walsh wrote:
>>>
>>>> http://people.fedoraproject.org/~dwalsh/SELinux/F13/kernel_files.patch
>>>>
>>>> New file context
>>>>
>>>> Lots of new interfaces
>>>>
>>> * need explanation as to why boot_t would be a device node.
>>>
>> I can't find why. Might be some bizarro ia64 type machine. I will
>> remove and see if it comes back
>>> * need additional explanation as to the purpose of system_conf_t.
>>>
>> Miroslav has this one. It has to do with system-config-firewall.
>>
Yes, it is related with the s-c-firewall which writes to the sysctl.conf
file (to enable masquerading ) and creates the sysctl.conf.old file. But
s-c-firewall creates also 'iptables.conf.old' under /etc directory.
So we came up with a new type system_conf_t to solve this issue.
>>> * the files_relabel_all_files() change is still rejected, since block
>>> and chr files should have regular file types.
>>>
>> This one comes about because of mkinitd being run by rpm in post
>> installs.
>> Which does not happen any longer but I do not see what the benifit of
>> turning this off.
>> We have several tools like mock, liveusb_creator, kernel make etc that
>> are going to create blk_files
>> and chr_files in places like /tmp that might run a cp -p or some other
>> tool that is going to try to relabel.
>>
>>> * the the files-delete_isid_type_files() additions need their own
>>> interfaces instead.
>>>
>> Fixed
>>> * same thing for files_delete_usr_files()
>>>
>> Removed
>>> * the files_read_usr_files() change is excessive
>>>
>> Ok can we remove src_t altogether then. It just seems to cause bugs and
>> I see no reason for this label.
>>
>> It's only reason for being is to create AVC messages.
>> ./policy/modules/services/networkmanager.te:files_read_usr_src_files(NetworkManager_t)
>>
>> ./policy/modules/services/virt.te:files_read_usr_src_files(virtd_t)
>> ./policy/modules/system/userdomain.if:
>> files_read_usr_src_files($1_usertype)
>> ./policy/modules/system/userdomain.if: files_exec_usr_src_files($1_t)
>> ./policy/modules/system/modutils.te:files_read_usr_src_files(depmod_t)
>> ./policy/modules/system/modutils.te:
>> files_getattr_usr_src_files(update_modules_t)
>> ./policy/modules/kernel/files.if: files_read_usr_src_files($1)
>> ./policy/modules/kernel/files.if:interface(`files_getattr_usr_src_files',`
>>
>> ./policy/modules/kernel/files.if:interface(`files_read_usr_src_files',`
>> ./policy/modules/kernel/files.if:interface(`files_exec_usr_src_files',`
>> ./policy/modules/admin/bootloader.te:files_read_usr_src_files(bootloader_t)
>>
>> ./policy/modules/admin/portage.if: files_exec_usr_src_files($1)
>>
>> Only one of these you might care about is portage.if, if that is the
>> case then I will eliminate the label from RedHat labeling.
>>
>>> * files_search_var_log() is wrong, var_log_t doesn't belong to the
>>> files
>>> module. There is already an equivalent interface in logging.
>>>
>> Removed
>>> * the concept of files_dump_core() is wrong. Applications do core
>>> dumps
>>> in the current directory, and services just happen to "cd /" at the
>>> start. It doesn't make sense for other domains.
>>>
>> Fine I need a domain for creating files in the / directory which I can
>> then allow daemon to do.
>> Do you want to call this files_manage_root?
>>
>>> * files_create_default_dir() needs to be 2 interfaces.
>>>
>> Added files_root_filetrans_default
>>> * I don't even know what to make of files_boot().
>>>
>>>
>> I think this is caused by early boot of the kernel, /dev/ gets labeled
>> boot_t until it gets relabeled in the initrc scripts. Might not exist
>> any longer with the move to dracut.
>>
>> I will remove and see what happens.
>>
>> Most people run an unconfined_domain(kernel_t) anyways.
>>
>> _______________________________________________
>> refpolicy mailing list
>> refpolicy at oss.tresys.com
>> http://oss.tresys.com/mailman/listinfo/refpolicy
> Is this more to your liking?
>
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20100308/ae4bb83b/attachment.html
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
2010-03-05 16:46 ` Daniel J Walsh
2010-03-05 17:12 ` Daniel J Walsh
@ 2010-03-08 14:02 ` Christopher J. PeBenito
1 sibling, 0 replies; 18+ messages in thread
From: Christopher J. PeBenito @ 2010-03-08 14:02 UTC (permalink / raw)
To: refpolicy
On Fri, 2010-03-05 at 11:46 -0500, Daniel J Walsh wrote:
> On 03/04/2010 02:08 PM, Christopher J. PeBenito wrote:
> > On Tue, 2010-02-23 at 17:21 -0500, Daniel J Walsh wrote:
> >
> >> http://people.fedoraproject.org/~dwalsh/SELinux/F13/kernel_files.patch
> > * the files_read_usr_files() change is excessive
> >
> Ok can we remove src_t altogether then. It just seems to cause bugs and
> I see no reason for this label.
>
> It's only reason for being is to create AVC messages.
> ./policy/modules/services/networkmanager.te:files_read_usr_src_files(NetworkManager_t)
> ./policy/modules/services/virt.te:files_read_usr_src_files(virtd_t)
> ./policy/modules/system/userdomain.if:
> files_read_usr_src_files($1_usertype)
> ./policy/modules/system/userdomain.if: files_exec_usr_src_files($1_t)
> ./policy/modules/system/modutils.te:files_read_usr_src_files(depmod_t)
> ./policy/modules/system/modutils.te:
> files_getattr_usr_src_files(update_modules_t)
> ./policy/modules/kernel/files.if: files_read_usr_src_files($1)
> ./policy/modules/kernel/files.if:interface(`files_getattr_usr_src_files',`
> ./policy/modules/kernel/files.if:interface(`files_read_usr_src_files',`
> ./policy/modules/kernel/files.if:interface(`files_exec_usr_src_files',`
> ./policy/modules/admin/bootloader.te:files_read_usr_src_files(bootloader_t)
> ./policy/modules/admin/portage.if: files_exec_usr_src_files($1)
>
> Only one of these you might care about is portage.if, if that is the
> case then I will eliminate the label from RedHat labeling.
The only reason I can think of is to separate kernel sources out from
usr_t. Domains that can write to usr_t shouldn't necessarily be able to
write to the kernel sources.
> > * the concept of files_dump_core() is wrong. Applications do core dumps
> > in the current directory, and services just happen to "cd /" at the
> > start. It doesn't make sense for other domains.
> >
> Fine I need a domain for creating files in the / directory which I can
> then allow daemon to do.
> Do you want to call this files_manage_root?
files_manage_root_files().
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
@ 2009-11-12 21:01 Daniel J Walsh
2009-11-24 13:49 ` Christopher J. PeBenito
0 siblings, 1 reply; 18+ messages in thread
From: Daniel J Walsh @ 2009-11-12 21:01 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F12/kernel_files.patch
Additional files labels
additional interfaces to be used by domains
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
@ 2009-05-21 15:24 Daniel J Walsh
0 siblings, 0 replies; 18+ messages in thread
From: Daniel J Walsh @ 2009-05-21 15:24 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_files.patch
Add /afs as a mount point.
Label /[^/]* as etc_runtime_t, if init scripts create files here we
label them as etc_runtime_t (/halt, /.autorelabel... Probably cold
label them root_t and allow initscripts to manage_files_perms and
transiton to them.
Added files_relabel_all_file_type_fs for mounting with security context.
Need to have an interface to allow tmpreaper to delete file_t files, as
well as admin.
Other interfaces used by Fedora
Adding interface for inherited files, not sure what to call this. The
idea is, the shell can pass my confined domain any open file by my
confined domain can not open or create any file. Removed ioctl from
file access to see if we really need it.
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
@ 2008-11-25 22:00 Daniel J Walsh
2008-12-02 22:51 ` Christopher J. PeBenito
0 siblings, 1 reply; 18+ messages in thread
From: Daniel J Walsh @ 2008-11-25 22:00 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_files.patch
Fix label of system_map under /boot/efi
Add etc_runtime to hosts.deny
Allow relabel from and to all blk and chr file context. This prevents
restorecon from breaking if users have blk files in homedir.
Add interfaces to rw_all_files
Allow relabel all filesytems to all other files systems (Mount context=)
Add the ability to delete unlabled file (file_t) tmpreaper needs to be
able to delete files left on /tmp that never got labeled on initial label.
A few other interfaces
Additional mount file ssytem. Any file type can be moved to /tmp.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkksdZIACgkQrlYvE4MpobP6LACgyM9okXvx0ZSCaqPl3Zg85rbo
OagAnAxfBw+LhLzj30L6f/cZo6dumzUP
=qK4Y
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
2008-11-25 22:00 Daniel J Walsh
@ 2008-12-02 22:51 ` Christopher J. PeBenito
2008-12-03 15:39 ` Daniel J Walsh
0 siblings, 1 reply; 18+ messages in thread
From: Christopher J. PeBenito @ 2008-12-02 22:51 UTC (permalink / raw)
To: refpolicy
On Tue, 2008-11-25 at 17:00 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_files.patch
>
> Fix label of system_map under /boot/efi
>
> Add etc_runtime to hosts.deny
I need justification for this.
> Allow relabel from and to all blk and chr file context. This prevents
> restorecon from breaking if users have blk files in homedir.
Why would there be device nodes in a user home directory? We can't
allow device nodes to be relabeled to something that is not a device
node type.
> Add interfaces to rw_all_files
>
> Allow relabel all filesytems to all other files systems (Mount context=)
When/why did the existing rule for this become insufficient?
> Add the ability to delete unlabled file (file_t) tmpreaper needs to be
> able to delete files left on /tmp that never got labeled on initial label.
I don't have a problem with this, but I think the
files_delete_isid_type_files() interface needs to be split up. Or put
the rules into the purge tmp interface.
> A few other interfaces
Need explanation for the polyinstantiation change.
files_delete_usr_files() needs to be broken up.
> Additional mount file ssytem. Any file type can be moved to /tmp.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 18+ messages in thread
* [refpolicy] kernel_files.patch
2008-12-02 22:51 ` Christopher J. PeBenito
@ 2008-12-03 15:39 ` Daniel J Walsh
0 siblings, 0 replies; 18+ messages in thread
From: Daniel J Walsh @ 2008-12-03 15:39 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Christopher J. PeBenito wrote:
> On Tue, 2008-11-25 at 17:00 -0500, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_files.patch
>>
>> Fix label of system_map under /boot/efi
>>
>> Add etc_runtime to hosts.deny
>
There are some init scripts that modify the hosts.deny file so it ends
up labeled etc_runtime_t. Forget which one.
> I need justification for this.
>
>> Allow relabel from and to all blk and chr file context. This prevents
>> restorecon from breaking if users have blk files in homedir.
>
> Why would there be device nodes in a user home directory? We can't
> allow device nodes to be relabeled to something that is not a device
> node type.
>
Any kernel developer will end up with chr and block devices in their
homedir, if they run a restorecon or setfiles on their home dir they get
avc messages when they relabel their homedir, with "valid" files in the
homedir. Trying to justify this denial, just ends up with kernel
engineers saying SELinux sucks...
>> Add interfaces to rw_all_files
>>
>> Allow relabel all filesytems to all other files systems (Mount context=)
>
> When/why did the existing rule for this become insufficient?
>
If you bind mount files or file systems mount needs to be able to
read/write the source.
>> Add the ability to delete unlabled file (file_t) tmpreaper needs to be
>> able to delete files left on /tmp that never got labeled on initial label.
>
> I don't have a problem with this, but I think the
> files_delete_isid_type_files() interface needs to be split up. Or put
> the rules into the purge tmp interface.
>
Fine.
>> A few other interfaces
>
> Need explanation for the polyinstantiation change.
>
> files_delete_usr_files() needs to be broken up.
>
Fine
>> Additional mount file ssytem. Any file type can be moved to /tmp.
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkk2qD8ACgkQrlYvE4MpobPdKACgoZ6yyvSjrbLoQavDndbQEmML
DU8AoKPX7vhM8puNQgd+kupyiSlu0tkW
=4vtR
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 18+ messages in thread
end of thread, other threads:[~2010-08-26 22:47 UTC | newest]
Thread overview: 18+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-03-04 21:24 [refpolicy] kernel_files.patch Daniel J Walsh
-- strict thread matches above, loose matches on Subject: below --
2010-08-26 22:47 Daniel J Walsh
2010-06-02 20:22 Daniel J Walsh
2010-06-09 13:09 ` Christopher J. PeBenito
2010-06-09 19:10 ` Daniel J Walsh
2010-02-23 22:21 Daniel J Walsh
2010-03-04 19:08 ` Christopher J. PeBenito
2010-03-04 19:17 ` Christopher J. PeBenito
2010-03-05 16:46 ` Daniel J Walsh
2010-03-05 17:12 ` Daniel J Walsh
2010-03-08 11:26 ` Miroslav Grepl
2010-03-08 14:02 ` Christopher J. PeBenito
2009-11-12 21:01 Daniel J Walsh
2009-11-24 13:49 ` Christopher J. PeBenito
2009-05-21 15:24 Daniel J Walsh
2008-11-25 22:00 Daniel J Walsh
2008-12-02 22:51 ` Christopher J. PeBenito
2008-12-03 15:39 ` Daniel J Walsh
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.