From: dwalsh@redhat.com (Daniel J Walsh)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] [PATCH] Label ~/\.adobe(/.*)? as mozilla_home_t for flash
Date: Mon, 15 Oct 2012 10:06:05 -0400
Message-ID: <507C184D.6000405@redhat.com>
In-Reply-To: <CAPzO=NwBdyX23bxiJm98yZWOVvb=vLuZwgEA=fK6Xo9PHWieHQ@mail.gmail.com>
On 10/15/2012 05:43 AM, Sven Vermeulen wrote:
> In Gentoo I am using flash_home_t as there are even non-browser apps using
> flash. And I don't trust flash.
>
> On Oct 14, 2012 10:44 PM, "Dominick Grift" <dominick.grift@gmail.com>
> wrote:
>
>
>
> On Sun, 2012-10-14 at 22:33 +0200, Dominick Grift wrote:
>>
>> On Sun, 2012-10-14 at 22:17 +0200, Dominick Grift wrote:
>>> I actually revisited the mozilla plugin and I am thinking about how to
>>> deal with plugins like flash and their userdom user home content.
>>>
>>> I am not yet sure if mozilla_home_t is the optimal type for this and
>>> if it is worth having a private type for it
>>>
>>> mozilla home type of files are sensitive in a sense. consider your
>>> password stored in mozilla etc.
>>>
>>> I am not sure whether flash home content justifies having a private
>>> type and if so if it is a good idea to label it mozilla home t
>>>
>>> if we label it mozilla home t and some app needs access to flash then
>>> it automatically has access to mozilla content and I am not sure if
>>> this is desired
>>>
>>> We now have the named file transition functionality so we can allow
>>> mozilla access to generic user home content without problem and still
>>> have its sensitive content protected with the mozilla home type
>>>
>>> I would like the opinion of others on this issue
>>>
>>> it is worth to label flash content in home? and if so what would be a
>>> better idea: 1. to classify it mozilla home content or classify it
>>> something else?
>>
>> also consider the following one has two browsers for example firefox and
>> chromium, both use flash and both have their content in home with their
>> own private type
>>
>> the flash content in home is labeled as per your suggestion
>> mozilla_home_t, now chromium needs access to mozilla_home_t and as a
>> consequence can now also edit mozilla content
>>
>> this seems like a bad idea to me
>
> What people need to understand is that now that we have named file
> transitions the whole selinux in the desktop environment issue has changed
>
> Previously we desperately tried to avoid confined user agents to generic
> home content. This was because we had little flexibility with file type
> transitions in /home
>
> This caused issues that basically made us lose focus in the core issues
>
> protect what needs to be protected without losing functionality if
> possible
>
> Now we need to go back to focus on what is important.
>
> A browser can have access and create generic user content. That's ok. As long
> as content worth protecting gets a private type.
>
> And as long as confined agents only get the access they need
>
> And that is now possible.
>
> now we can confine the user space in a proper way without pissing off users
> (or at least pissing them off more than strictly required)
>
> protect what makes sense to protect and leave anything else generic
>
>>> On Sun, 2012-10-14 at 21:51 +0200, Mika Pflüger wrote:
>>>> From: Russell Coker <russell@coker.com.au>
>>>>
>>>> --- mozilla.fc | 1 + 1 file changed, 1 insertion(+)
>>>>
>>>> diff --git a/mozilla.fc b/mozilla.fc index 3a73e74..271928b 100644
>>>> --- a/mozilla.fc +++ b/mozilla.fc @@ -1,3 +1,4 @@
>>>> +HOME_DIR/\.adobe(/.*)?
> gen_context(system_u:object_r:mozilla_home_t,s0)
>>>> HOME_DIR/\.config/chromium(/.*)?
> gen_context(system_u:object_r:mozilla_home_t,s0)
>>>> HOME_DIR/\.galeon(/.*)?
> gen_context(system_u:object_r:mozilla_home_t,s0)
>>>> HOME_DIR/\.java(/.*)?
> gen_context(system_u:object_r:mozilla_home_t,s0)
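Review bot: the added `HOME_DIR/\.adobe(/.*)?` entry reuses mozilla_home_t, the same type the context lines assign to ~/.config/chromium, ~/.galeon and ~/.java, so any domain later granted access to Flash data also gets access to everything else carrying that type, browser profiles included. Consider a dedicated type for ~/.adobe (the thread mentions flash_home_t as used in Gentoo) that is granted only to the domains that actually run the plugin. The diffstat also shows mozilla.fc as the only file changed, and a file-context entry is applied on relabel, so please confirm that an existing file transition covers a ~/.adobe directory created at runtime, or add a named one alongside this entry.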
>>>
>>>
>>
>>
>
>
> _______________________________________________ refpolicy mailing list
> refpolicy at oss.tresys.com <mailto:refpolicy@oss.tresys.com>
> http://oss.tresys.com/mailman/listinfo/refpolicy
I agree we should start to be moving to more types in homedir for better
separation. I would love to try to remove mozilla_plugin_t from full access
to mozilla_home_t also.
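The separation discussed in this thread, sketched as an added example (not code from the thread or from refpolicy): a private type for ~/.adobe plus a named file transition, so the plugin domain reaches Flash data without touching mozilla_home_t. The module name flash_home and the type flash_home_t are assumptions (the type name is borrowed from the Gentoo mention above); mozilla_plugin_t comes from the message, and the interfaces assume a refpolicy tree with named file transition support.

```selinux
# flash_home.te (hypothetical module, added example)
policy_module(flash_home, 1.0.0)

gen_require(`
	type mozilla_plugin_t;
')

# Private type for per-user Flash data; the type name is an assumption.
type flash_home_t;
userdom_user_home_content(flash_home_t)

# The plugin domain manages Flash data and nothing else through this type.
manage_dirs_pattern(mozilla_plugin_t, flash_home_t, flash_home_t)
manage_files_pattern(mozilla_plugin_t, flash_home_t, flash_home_t)

# Named file transition: only a directory called ".adobe", created directly
# in the user's home directory, gets flash_home_t. Other objects the plugin
# creates there keep whatever label the rest of the policy assigns.
userdom_user_home_dir_filetrans(mozilla_plugin_t, flash_home_t, dir, ".adobe")

# flash_home.fc (separate file; replaces the mozilla_home_t entry for the
# same path so relabelling agrees with the transition above):
#
# HOME_DIR/\.adobe(/.*)?	gen_context(system_u:object_r:flash_home_t,s0)
```

A second browser domain that needs Flash would get the same three rules for flash_home_t and still have no access to mozilla_home_t. An existing ~/.adobe keeps its old label until it is relabelled with `restorecon -R`.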