* [refpolicy] RFC init_daemon_run_file
@ 2014-03-04 17:25 Sven Vermeulen
  2014-03-04 18:15 ` Sven Vermeulen
  0 siblings, 1 reply; 3+ messages in thread
From: Sven Vermeulen @ 2014-03-04 17:25 UTC (permalink / raw)
  To: refpolicy

Hi all

A couple of init scripts create PID files for their respective daemons
(domains) in the /run location. Right now, the SELinux policy supports
transitions for directories that are created in /run through the
init_daemon_run_dir() method.

In order to support PID files (and the proper transition), the init
module needs to be extended with all those daemons' *_pid_filetrans()
calls and *_manage_pid_files() calls, but imo that breaks a bit the
isolation we want to introduce (and of which init_daemon_run_dir() is a nice
example).

I'm thinking about introducing an init_daemon_run_file() method and
daemonpidfile attribute, granting the initrc_t domain manage rights on the
daemonpidfile attribute (file class) and introducing the proper
files_pid_filetrans(initrc_t, $1, file, $2) in it.

I wouldn't reuse "pidfile" attribute as it is used for client application
PID files as well.

A second thought would be to update init_daemon_run_dir() as well to use
daemonpidfile. As "pidfile" as an attribute is used for directories as well,
it might be a good idea to use the same for daemonpidfile. After all, we
don't have a "rundir" attribute.

In other words, deprecate daemonrundir and use daemonpidfile instead.

What are your thoughts on this?

Wkr,
	Sven Vermeulen


* [refpolicy] RFC init_daemon_run_file
  2014-03-04 17:25 [refpolicy] RFC init_daemon_run_file Sven Vermeulen
@ 2014-03-04 18:15 ` Sven Vermeulen
  2014-03-17 13:41   ` Christopher J. PeBenito
  0 siblings, 1 reply; 3+ messages in thread
From: Sven Vermeulen @ 2014-03-04 18:15 UTC (permalink / raw)
  To: refpolicy

On Tue, Mar 04, 2014 at 06:25:07PM +0100, Sven Vermeulen wrote:
> A couple of init scripts create PID files for their respective daemons
> (domains) in the /run location. Right now, the SELinux policy supports
> transitions for directories that are created in /run through the
> init_daemon_run_dir() method.
[...]

bigon mentioned on #selinux that this was suggested end of 2012 [1]. There,
the suggestion was to generalize the existing method (init_daemon_run_dir)
to one that takes the class with it. However, there was no consensus on the
name (and "init_daemon_run" wouldn't cut it).

May I suggest the following?

interface(`init_script_generic_run_filetrans_spec',`
	gen_require(`
		attribute daemonpidfile;
		type initrc_t;
	')

	typeattribute $1 daemonpidfile;

	files_pid_filetrans(initrc_t, $1, $2, $3)
')

The name would be chosen due to the following:

- init_script_ (instead of init_) to identify that this is about initrc_t.
- generic_run_ to inform that we start from the generic run type (var_run_t)
- filetrans_ (because it is a file transition)
- spec (because it transitions to the specified type rather than a
  module-provided one).

Wkr,
	Sven Vermeulen


* [refpolicy] RFC init_daemon_run_file
  2014-03-04 18:15 ` Sven Vermeulen
@ 2014-03-17 13:41   ` Christopher J. PeBenito
  0 siblings, 0 replies; 3+ messages in thread
From: Christopher J. PeBenito @ 2014-03-17 13:41 UTC (permalink / raw)
  To: refpolicy

On 3/4/2014 1:15 PM, Sven Vermeulen wrote:
> On Tue, Mar 04, 2014 at 06:25:07PM +0100, Sven Vermeulen wrote:
>> A couple of init scripts create PID files for their respective daemons
>> (domains) in the /run location. Right now, the SELinux policy supports
>> transitions for directories that are created in /run through the
>> init_daemon_run_dir() method.
> [...]
> 
> bigon mentioned on #selinux that this was suggested end of 2012 [1]. There,
> the suggestion was to generalize the existing method (init_daemon_run_dir)
> to one that takes the class with it. However, there was no consensus on the
> name (and "init_daemon_run" wouldn't cut it).
> 
> May I suggest the following?
> 
> interface(`init_script_generic_run_filetrans_spec',`
>   gen_require(`
>   	attribute daemonpidfile;
> 	type initrc_t;
>   ')
> 
>   typeattribute $1 daemonpidfile;
> 
>   files_pid_filetrans(initrc_t, $1, $2, $3)
> ')
> 
> The name would be chosen due to the following:
> 
> - init_script_ (instead of init_) to identify that this is about initrc_t.
> - generic_run_ to inform that we start from the generic run type (var_run_t)
> - filetrans_ (because it is a file transition)
> - spec (because it transitions to the specified type rather than a
>   module-provided one).

I think I'd go with init_daemon_pid_file().  I'm thinking that we should skip the "script" portion since it's not so relevant; with systemd coming along, the init/initrc line is blurring or disappearing.  I think the interface should also be calling files_pid_file().

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
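
The interface under discussion, sketched as an added example with both suggestions from the reply applied (the init_daemon_pid_file name and a files_pid_file() call). This is not code posted in the thread or taken from refpolicy: the mydaemon module, its mydaemon_var_run_t type and the "mydaemon.pid" file name are hypothetical, and the init.te rule is one assumed way to grant the manage rights described in the first message.

```m4
# --- init.if (sketch, not the project code) ---
interface(`init_daemon_pid_file',`
	gen_require(`
		attribute daemonpidfile;
		type initrc_t;
	')

	# Mark the type passed as $1 so the initrc_t manage rule covers it.
	typeattribute $1 daemonpidfile;

	# Register $1 as a PID file type as well, as the reply suggests.
	files_pid_file($1)

	# Objects of class $2 with optional name $3 that initrc_t creates
	# in the generic run directory are labelled with type $1.
	files_pid_filetrans(initrc_t, $1, $2, $3)
')

# --- init.te (sketch; assumed form of the manage rights) ---
# Only types carrying daemonpidfile are covered, not every type
# with the broader pidfile attribute used by client applications.
attribute daemonpidfile;
allow initrc_t daemonpidfile:file manage_file_perms;

# --- mydaemon.te (hypothetical daemon module) ---
type mydaemon_var_run_t;
init_daemon_pid_file(mydaemon_var_run_t, file, "mydaemon.pid")
```

The comments avoid apostrophes and backticks on purpose, since either would break m4 quoting inside the interface body.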
