* [refpolicy] [PATCH 1/2] base: label generic SSL certificates as standard files @ 2017-11-05 2:28 Guido Trentalancia 2017-11-05 0:39 ` Russell Coker 2017-11-05 2:55 ` [refpolicy] [PATCH 1/2 v2] " Guido Trentalancia 0 siblings, 2 replies; 11+ messages in thread From: Guido Trentalancia @ 2017-11-05 2:28 UTC (permalink / raw) To: refpolicy Reserve the cert_t file label for SSL private keys only and label the generic SSL certificates as standard files (e.g. etc_t for files in /etc/pki/ or usr_t for files in /usr/ subdirectories). This part (1/2) refers to the base policy changes. Signed-off-by: Guido Trentalancia <guido@trentalancia.com> --- policy/modules/system/miscfiles.fc | 1 - 1 file changed, 1 deletion(-) diff -pru a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc --- a/policy/modules/system/miscfiles.fc 2017-11-04 20:14:02.301932938 +0100 +++ b/policy/modules/system/miscfiles.fc 2017-11-05 03:00:59.361768672 +0100 @@ -11,7 +11,6 @@ ifdef(`distro_gentoo',` /etc/avahi/etc/localtime -- gen_context(system_u:object_r:locale_t,s0) /etc/httpd/alias/[^/]*\.db(\.[^/]*)* -- gen_context(system_u:object_r:cert_t,s0) /etc/localtime -- gen_context(system_u:object_r:locale_t,s0) -/etc/pki(/.*)? gen_context(system_u:object_r:cert_t,s0) /etc/ssl(/.*)? gen_context(system_u:object_r:cert_t,s0) /etc/timezone -- gen_context(system_u:object_r:locale_t,s0) ^ permalink raw reply [flat|nested] 11+ messages in thread
* [refpolicy] [PATCH 1/2] base: label generic SSL certificates as standard files 2017-11-05 2:28 [refpolicy] [PATCH 1/2] base: label generic SSL certificates as standard files Guido Trentalancia @ 2017-11-05 0:39 ` Russell Coker 2017-11-05 3:02 ` Guido Trentalancia 2017-11-05 2:55 ` [refpolicy] [PATCH 1/2 v2] " Guido Trentalancia 1 sibling, 1 reply; 11+ messages in thread From: Russell Coker @ 2017-11-05 0:39 UTC (permalink / raw) To: refpolicy On Sunday, 5 November 2017 3:28:59 AM AEDT Guido Trentalancia via refpolicy wrote: > Reserve the cert_t file label for SSL private keys only and > label the generic SSL certificates as standard files (e.g. > etc_t for files in /etc/pki/ or usr_t for files in /usr/ > subdirectories). Are you sure that we can't have private keys under /etc/pki? https://www.linux.com/BLOG/PKI-IMPLEMENTATION-LINUX-ADMIN https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/ Deployment_Guide/s1-secureserver-oldcert.html The above URLs suggest that /etc/pki/.*/private(/.*)? should be labeled as cert_t. But I don't have a setup to test this. > This part (1/2) refers to the base policy changes. > > Signed-off-by: Guido Trentalancia <guido@trentalancia.com> > --- > policy/modules/system/miscfiles.fc | 1 - > 1 file changed, 1 deletion(-) > > diff -pru a/policy/modules/system/miscfiles.fc > b/policy/modules/system/miscfiles.fc --- > a/policy/modules/system/miscfiles.fc 2017-11-04 20:14:02.301932938 +0100 > +++ b/policy/modules/system/miscfiles.fc 2017-11-05 03:00:59.361768672 > +0100 @@ -11,7 +11,6 @@ ifdef(`distro_gentoo',` > /etc/avahi/etc/localtime -- gen_context(system_u:object_r:locale_t,s0) > /etc/httpd/alias/[^/]*\.db(\.[^/]*)* -- > gen_context(system_u:object_r:cert_t,s0) > /etc/localtime -- gen_context(system_u:object_r:locale_t,s0) > -/etc/pki(/.*)? gen_context(system_u:object_r:cert_t,s0) > /etc/ssl(/.*)? gen_context(system_u:object_r:cert_t,s0) > /etc/timezone -- gen_context(system_u:object_r:locale_t,s0) > > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/ ^ permalink raw reply [flat|nested] 11+ messages in thread
* [refpolicy] [PATCH 1/2] base: label generic SSL certificates as standard files 2017-11-05 0:39 ` Russell Coker @ 2017-11-05 3:02 ` Guido Trentalancia 0 siblings, 0 replies; 11+ messages in thread From: Guido Trentalancia @ 2017-11-05 3:02 UTC (permalink / raw) To: refpolicy On Sun, 05/11/2017 at 11.39 +1100, Russell Coker wrote: > On Sunday, 5 November 2017 3:28:59 AM AEDT Guido Trentalancia via > refpolicy > wrote: > > Reserve the cert_t file label for SSL private keys only and > > label the generic SSL certificates as standard files (e.g. > > etc_t for files in /etc/pki/ or usr_t for files in /usr/ > > subdirectories). > > Are you sure that we can't have private keys under /etc/pki? I cannot test it either, as I do not run a web server. > https://www.linux.com/BLOG/PKI-IMPLEMENTATION-LINUX-ADMIN > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linu > x/5/html/ > Deployment_Guide/s1-secureserver-oldcert.html > > The above URLs suggest that /etc/pki/.*/private(/.*)? should be > labeled as > cert_t. But I don't have a setup to test this. I can create a new version of this patch to implement the above. Thanks for pointing this out. > > This part (1/2) refers to the base policy changes. > > > > Signed-off-by: Guido Trentalancia <guido@trentalancia.com> > > --- > > policy/modules/system/miscfiles.fc | 1 - > > 1 file changed, 1 deletion(-) > > > > diff -pru a/policy/modules/system/miscfiles.fc > > b/policy/modules/system/miscfiles.fc --- > > a/policy/modules/system/miscfiles.fc 2017-11-04 > > 20:14:02.301932938 +0100 > > +++ b/policy/modules/system/miscfiles.fc 2017-11-05 > > 03:00:59.361768672 > > +0100 @@ -11,7 +11,6 @@ ifdef(`distro_gentoo',` > > /etc/avahi/etc/localtime -- gen_context(system_u:object_r:l > > ocale_t,s0) > > /etc/httpd/alias/[^/]*\.db(\.[^/]*)* -- > > gen_context(system_u:object_r:cert_t,s0) > > /etc/localtime -- gen_context(system_u:object > > _r:locale_t,s0) > > -/etc/pki(/.*)? gen_context(system_u:object_ > > r:cert_t,s0) > > /etc/ssl(/.*)? gen_context(system_u:object_ > > r:cert_t,s0) > > /etc/timezone -- gen_context(system_u:object > > _r:locale_t,s0) > > Regards, Guido ^ permalink raw reply [flat|nested] 11+ messages in thread
* [refpolicy] [PATCH 1/2 v2] base: label generic SSL certificates as standard files 2017-11-05 2:28 [refpolicy] [PATCH 1/2] base: label generic SSL certificates as standard files Guido Trentalancia 2017-11-05 0:39 ` Russell Coker @ 2017-11-05 2:55 ` Guido Trentalancia 2017-11-05 3:06 ` [refpolicy] [PATCH 1/2 v3] " Guido Trentalancia 1 sibling, 1 reply; 11+ messages in thread From: Guido Trentalancia @ 2017-11-05 2:55 UTC (permalink / raw) To: refpolicy Reserve the cert_t file label for SSL private keys only and label the generic SSL certificates as standard files (e.g. etc_t for files in /etc/pki/ or usr_t for files in /usr/ subdirectories). This part (1/2) refers to the base policy changes. Further work might be now required to curb on the widespread use of miscfiles_{read,manage}_generic_certs(), so that its use is restricted to operations on private keys. Signed-off-by: Guido Trentalancia <guido@trentalancia.com> --- policy/modules/system/miscfiles.fc | 1 - policy/modules/system/miscfiles.if | 8 ++++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff -pru a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc --- a/policy/modules/system/miscfiles.fc 2017-11-04 20:14:02.301932938 +0100 +++ b/policy/modules/system/miscfiles.fc 2017-11-05 03:00:59.361768672 +0100 @@ -11,7 +11,6 @@ ifdef(`distro_gentoo',` /etc/avahi/etc/localtime -- gen_context(system_u:object_r:locale_t,s0) /etc/httpd/alias/[^/]*\.db(\.[^/]*)* -- gen_context(system_u:object_r:cert_t,s0) /etc/localtime -- gen_context(system_u:object_r:locale_t,s0) -/etc/pki(/.*)? gen_context(system_u:object_r:cert_t,s0) /etc/ssl(/.*)? gen_context(system_u:object_r:cert_t,s0) /etc/timezone -- gen_context(system_u:object_r:locale_t,s0) diff -pru a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if --- a/policy/modules/system/miscfiles.if 2017-09-29 19:01:28.001455758 +0200 +++ b/policy/modules/system/miscfiles.if 2017-11-05 03:49:15.512756832 +0100 @@ -46,7 +46,7 @@ interface(`miscfiles_cert_type',` ######################################## ## <summary> -## Read all SSL certificates. +## Read all SSL private keys. ## </summary> ## <param name="domain"> ## <summary> @@ -67,7 +67,7 @@ interface(`miscfiles_read_all_certs',` ######################################## ## <summary> -## Read generic SSL certificates. +## Read generic SSL private keys. ## </summary> ## <param name="domain"> ## <summary> @@ -88,7 +88,7 @@ interface(`miscfiles_read_generic_certs' ######################################## ## <summary> -## Manage generic SSL certificates. +## Manage generic SSL private keys. ## </summary> ## <param name="domain"> ## <summary> @@ -106,7 +106,7 @@ interface(`miscfiles_manage_generic_cert ######################################## ## <summary> -## Manage generic SSL certificates. +## Manage generic SSL private keys. ## </summary> ## <param name="domain"> ## <summary> ^ permalink raw reply [flat|nested] 11+ messages in thread
* [refpolicy] [PATCH 1/2 v3] base: label generic SSL certificates as standard files 2017-11-05 2:55 ` [refpolicy] [PATCH 1/2 v2] " Guido Trentalancia @ 2017-11-05 3:06 ` Guido Trentalancia 2017-11-05 4:43 ` [refpolicy] [PATCH 1/2 v4] " Guido Trentalancia 0 siblings, 1 reply; 11+ messages in thread From: Guido Trentalancia @ 2017-11-05 3:06 UTC (permalink / raw) To: refpolicy Reserve the cert_t file label for SSL private keys only and label the generic SSL certificates as standard files (e.g. etc_t for files in /etc/pki/, except for those in /etc/pki/*/private/, and/or usr_t for files in /usr/ subdirectories). This part (1/2) refers to the base policy changes. Further work might be now required to curb on the widespread use of miscfiles_{read,manage}_generic_certs(), so that its use is restricted to operations on private keys. Signed-off-by: Guido Trentalancia <guido@trentalancia.com> --- policy/modules/system/miscfiles.fc | 2 +- policy/modules/system/miscfiles.if | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff -pru a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc --- a/policy/modules/system/miscfiles.fc 2017-11-04 20:14:02.301932938 +0100 +++ b/policy/modules/system/miscfiles.fc 2017-11-05 04:03:09.459753422 +0100 @@ -11,7 +11,7 @@ ifdef(`distro_gentoo',` /etc/avahi/etc/localtime -- gen_context(system_u:object_r:locale_t,s0) /etc/httpd/alias/[^/]*\.db(\.[^/]*)* -- gen_context(system_u:object_r:cert_t,s0) /etc/localtime -- gen_context(system_u:object_r:locale_t,s0) -/etc/pki(/.*)? gen_context(system_u:object_r:cert_t,s0) +/etc/pki/.*/private(/.*)? gen_context(system_u:object_r:cert_t,s0) /etc/ssl(/.*)? gen_context(system_u:object_r:cert_t,s0) /etc/timezone -- gen_context(system_u:object_r:locale_t,s0) diff -pru a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if --- a/policy/modules/system/miscfiles.if 2017-09-29 19:01:28.001455758 +0200 +++ b/policy/modules/system/miscfiles.if 2017-11-05 03:49:15.512756832 +0100 @@ -46,7 +46,7 @@ interface(`miscfiles_cert_type',` ######################################## ## <summary> -## Read all SSL certificates. +## Read all SSL private keys. ## </summary> ## <param name="domain"> ## <summary> @@ -67,7 +67,7 @@ interface(`miscfiles_read_all_certs',` ######################################## ## <summary> -## Read generic SSL certificates. +## Read generic SSL private keys. ## </summary> ## <param name="domain"> ## <summary> @@ -88,7 +88,7 @@ interface(`miscfiles_read_generic_certs' ######################################## ## <summary> -## Manage generic SSL certificates. +## Manage generic SSL private keys. ## </summary> ## <param name="domain"> ## <summary> @@ -106,7 +106,7 @@ interface(`miscfiles_manage_generic_cert ######################################## ## <summary> -## Manage generic SSL certificates. +## Manage generic SSL private keys. ## </summary> ## <param name="domain"> ## <summary> ^ permalink raw reply [flat|nested] 11+ messages in thread
* [refpolicy] [PATCH 1/2 v4] base: label generic SSL certificates as standard files 2017-11-05 3:06 ` [refpolicy] [PATCH 1/2 v3] " Guido Trentalancia @ 2017-11-05 4:43 ` Guido Trentalancia 2017-11-05 22:32 ` [refpolicy] [PATCH 1/2 v5] base: create a type for SSL private keys (was: "label generic SSL certificates as standard files") Guido Trentalancia 0 siblings, 1 reply; 11+ messages in thread From: Guido Trentalancia @ 2017-11-05 4:43 UTC (permalink / raw) To: refpolicy Reserve the cert_t file label for SSL private keys only and label the generic SSL certificates as standard files (e.g. etc_t for files in /etc/pki/, except for those in /etc/pki/*/private/, and/or usr_t for files in /usr/ subdirectories). This part (1/2) refers to the base policy changes. Further work might be now required to curb on the widespread use of miscfiles_{read,manage}_generic_certs(), so that its use is restricted to operations on private keys. Signed-off-by: Guido Trentalancia <guido@trentalancia.com> --- policy/modules/system/authlogin.if | 4 ++-- policy/modules/system/authlogin.te | 2 +- policy/modules/system/miscfiles.fc | 2 +- policy/modules/system/miscfiles.if | 8 ++++---- policy/modules/system/udev.te | 1 - policy/modules/system/userdomain.if | 1 - 6 files changed, 8 insertions(+), 10 deletions(-) diff -pru a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if --- a/policy/modules/system/authlogin.if 2017-09-29 19:01:27.991455758 +0200 +++ b/policy/modules/system/authlogin.if 2017-11-05 05:32:33.394731493 +0100 @@ -380,13 +380,13 @@ interface(`auth_domtrans_chk_passwd',` dev_read_rand($1) dev_read_urand($1) + files_read_etc_files($1) + auth_use_nsswitch($1) auth_rw_faillog($1) logging_send_audit_msgs($1) - miscfiles_read_generic_certs($1) - optional_policy(` kerberos_read_keytab($1) ') diff -pru a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te --- a/policy/modules/system/authlogin.te 2017-09-29 19:01:27.991455758 +0200 +++ b/policy/modules/system/authlogin.te 2017-11-05 05:34:44.948730955 +0100 @@ -264,6 +264,7 @@ dev_read_urand(pam_console_t) files_read_etc_files(pam_console_t) files_search_pids(pam_console_t) files_list_mnt(pam_console_t) +files_read_etc_files(pam_console_t) # read /etc/mtab files_read_etc_runtime_files(pam_console_t) @@ -299,7 +300,6 @@ init_use_script_ptys(pam_console_t) logging_send_syslog_msg(pam_console_t) miscfiles_read_localization(pam_console_t) -miscfiles_read_generic_certs(pam_console_t) seutil_read_file_contexts(pam_console_t) diff -pru a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc --- a/policy/modules/system/miscfiles.fc 2017-11-04 20:14:02.301932938 +0100 +++ b/policy/modules/system/miscfiles.fc 2017-11-05 04:03:09.459753422 +0100 @@ -11,7 +11,7 @@ ifdef(`distro_gentoo',` /etc/avahi/etc/localtime -- gen_context(system_u:object_r:locale_t,s0) /etc/httpd/alias/[^/]*\.db(\.[^/]*)* -- gen_context(system_u:object_r:cert_t,s0) /etc/localtime -- gen_context(system_u:object_r:locale_t,s0) -/etc/pki(/.*)? gen_context(system_u:object_r:cert_t,s0) +/etc/pki/.*/private(/.*)? gen_context(system_u:object_r:cert_t,s0) /etc/ssl(/.*)? gen_context(system_u:object_r:cert_t,s0) /etc/timezone -- gen_context(system_u:object_r:locale_t,s0) diff -pru a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if --- a/policy/modules/system/miscfiles.if 2017-09-29 19:01:28.001455758 +0200 +++ b/policy/modules/system/miscfiles.if 2017-11-05 03:49:15.512756832 +0100 @@ -46,7 +46,7 @@ interface(`miscfiles_cert_type',` ######################################## ## <summary> -## Read all SSL certificates. +## Read all SSL private keys. ## </summary> ## <param name="domain"> ## <summary> @@ -67,7 +67,7 @@ interface(`miscfiles_read_all_certs',` ######################################## ## <summary> -## Read generic SSL certificates. +## Read generic SSL private keys. ## </summary> ## <param name="domain"> ## <summary> @@ -88,7 +88,7 @@ interface(`miscfiles_read_generic_certs' ######################################## ## <summary> -## Manage generic SSL certificates. +## Manage generic SSL private keys. ## </summary> ## <param name="domain"> ## <summary> @@ -106,7 +106,7 @@ interface(`miscfiles_manage_generic_cert ######################################## ## <summary> -## Manage generic SSL certificates. +## Manage generic SSL private keys. ## </summary> ## <param name="domain"> ## <summary> diff -pru a/policy/modules/system/udev.te b/policy/modules/system/udev.te --- a/policy/modules/system/udev.te 2017-09-29 19:01:28.008455758 +0200 +++ b/policy/modules/system/udev.te 2017-11-05 05:37:57.738730167 +0100 @@ -202,7 +202,6 @@ ifdef(`distro_debian',` # for /usr/lib/avahi/avahi-daemon-check-dns.sh kernel_read_vm_sysctls(udev_t) corenet_udp_bind_generic_node(udev_t) - miscfiles_read_generic_certs(udev_t) avahi_create_pid_dirs(udev_t) avahi_initrc_domtrans(udev_t) avahi_manage_pid_files(udev_t) diff -pru a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if --- a/policy/modules/system/userdomain.if 2017-11-04 20:14:02.302932938 +0100 +++ b/policy/modules/system/userdomain.if 2017-11-05 05:30:37.831731966 +0100 @@ -110,7 +110,6 @@ template(`userdom_base_user_template',` libs_exec_ld_so($1_t) miscfiles_read_localization($1_t) - miscfiles_read_generic_certs($1_t) sysnet_read_config($1_t) ^ permalink raw reply [flat|nested] 11+ messages in thread
* [refpolicy] [PATCH 1/2 v5] base: create a type for SSL private keys (was: "label generic SSL certificates as standard files") 2017-11-05 4:43 ` [refpolicy] [PATCH 1/2 v4] " Guido Trentalancia @ 2017-11-05 22:32 ` Guido Trentalancia 2017-11-08 1:48 ` [refpolicy] [PATCH 1/2 v5] base: create a type for SSL private keys Chris PeBenito 0 siblings, 1 reply; 11+ messages in thread From: Guido Trentalancia @ 2017-11-05 22:32 UTC (permalink / raw) To: refpolicy Reserve the ssl_privkey_t file label for SSL private keys (e.g. files in /etc/pki/*/private/). Create and use appropriate interfaces for such new scenario (so that SSL private keys are protected). This part (1/2) refers to the base policy changes. Signed-off-by: Guido Trentalancia <guido@trentalancia.com> --- policy/modules/system/miscfiles.fc | 1 policy/modules/system/miscfiles.if | 104 +++++++++++++++++++++++++++++++++++++ policy/modules/system/miscfiles.te | 7 ++ 3 files changed, 112 insertions(+) diff -pru a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc --- a/policy/modules/system/miscfiles.fc 2017-11-04 20:14:02.301932938 +0100 +++ b/policy/modules/system/miscfiles.fc 2017-11-05 21:21:46.574498652 +0100 @@ -12,6 +12,7 @@ ifdef(`distro_gentoo',` /etc/httpd/alias/[^/]*\.db(\.[^/]*)* -- gen_context(system_u:object_r:cert_t,s0) /etc/localtime -- gen_context(system_u:object_r:locale_t,s0) /etc/pki(/.*)? gen_context(system_u:object_r:cert_t,s0) +/etc/pki/.*/private(/.*)? gen_context(system_u:object_r:ssl_privkey_t,s0) /etc/ssl(/.*)? gen_context(system_u:object_r:cert_t,s0) /etc/timezone -- gen_context(system_u:object_r:locale_t,s0) diff -pru a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if --- a/policy/modules/system/miscfiles.if 2017-09-29 19:01:28.001455758 +0200 +++ b/policy/modules/system/miscfiles.if 2017-11-05 21:46:31.113492583 +0100 @@ -46,6 +46,51 @@ interface(`miscfiles_cert_type',` ######################################## ## <summary> +## Make the specified type usable +## as a SSL private key file. +## </summary> +## <desc> +## <p> +## Make the specified type usable for SSL private key files. +## This will also make the type usable for files, making +## calls to files_type() redundant. Failure to use this interface +## for a temporary file may result in problems with +## SSL private key management tools. +## </p> +## <p> +## Related interfaces: +## </p> +## <ul> +## <li>files_type()</li> +## </ul> +## <p> +## Example: +## </p> +## <p> +## type mysslprivkeyfile_t; +## ssl_privkey_type(mysslprivkeyfile_t) +## allow mydomain_t mysslprivkeyfile_t:file read_file_perms; +## files_search_etc(mydomain_t) +## </p> +## </desc> +## <param name="type"> +## <summary> +## Type to be used for files. +## </summary> +## </param> +## <infoflow type="none"/> +# +interface(`miscfiles_ssl_privkey_type',` + gen_require(` + attribute ssl_privkey_type; + ') + + typeattribute $1 ssl_privkey_type; + files_type($1) +') + +######################################## +## <summary> ## Read all SSL certificates. ## </summary> ## <param name="domain"> @@ -125,6 +170,65 @@ interface(`miscfiles_manage_generic_cert ') ######################################## +## <summary> +## Read SSL private keys. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +## <rolecap/> +# +interface(`miscfiles_read_ssl_privkey',` + gen_require(` + type ssl_privkey_t; + ') + + allow $1 ssl_privkey_t:dir list_dir_perms; + read_files_pattern($1, ssl_privkey_t, ssl_privkey_t) + read_lnk_files_pattern($1, ssl_privkey_t, ssl_privkey_t) +') + +######################################## +## <summary> +## Manage SSL private keys. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`miscfiles_manage_ssl_privkey_dirs',` + gen_require(` + type ssl_privkey_t; + ') + + manage_dirs_pattern($1, ssl_privkey_t, ssl_privkey_t) +') + +######################################## +## <summary> +## Manage SSL private keys. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +## <rolecap/> +# +interface(`miscfiles_manage_ssl_privkey_files',` + gen_require(` + type ssl_privkey_t; + ') + + manage_files_pattern($1, ssl_privkey_t, ssl_privkey_t) + read_lnk_files_pattern($1, ssl_privkey_t, ssl_privkey_t) +') + +######################################## ## <summary> ## Read fonts. ## </summary> diff -pru a/policy/modules/system/miscfiles.te b/policy/modules/system/miscfiles.te --- a/policy/modules/system/miscfiles.te 2017-11-04 20:14:02.301932938 +0100 +++ b/policy/modules/system/miscfiles.te 2017-11-05 23:22:06.926469134 +0100 @@ -6,6 +6,7 @@ policy_module(miscfiles, 1.13.2) # attribute cert_type; +attribute ssl_privkey_type; # # cert_t is the type of files in the system certs directories. @@ -14,6 +15,12 @@ type cert_t; miscfiles_cert_type(cert_t) # +# ssl_privkey_t is the type of files for the SSL private keys. +# +type ssl_privkey_t; +miscfiles_ssl_privkey_type(ssl_privkey_t) + +# # fonts_t is the type of various font # files in /usr # ^ permalink raw reply [flat|nested] 11+ messages in thread
* [refpolicy] [PATCH 1/2 v5] base: create a type for SSL private keys 2017-11-05 22:32 ` [refpolicy] [PATCH 1/2 v5] base: create a type for SSL private keys (was: "label generic SSL certificates as standard files") Guido Trentalancia @ 2017-11-08 1:48 ` Chris PeBenito 2017-11-08 14:55 ` Guido Trentalancia 2017-11-08 17:30 ` [refpolicy] [PATCH 1/2 v6] " Guido Trentalancia 0 siblings, 2 replies; 11+ messages in thread From: Chris PeBenito @ 2017-11-08 1:48 UTC (permalink / raw) To: refpolicy On 11/05/2017 05:32 PM, Guido Trentalancia via refpolicy wrote: > Reserve the ssl_privkey_t file label for SSL private keys (e.g. > files in /etc/pki/*/private/). > > Create and use appropriate interfaces for such new scenario (so > that SSL private keys are protected). Perhaps I'm just being too pedantic, but no one uses SSL, so why not use TLS in the type name? > This part (1/2) refers to the base policy changes. > > Signed-off-by: Guido Trentalancia <guido@trentalancia.com> > --- > policy/modules/system/miscfiles.fc | 1 > policy/modules/system/miscfiles.if | 104 +++++++++++++++++++++++++++++++++++++ > policy/modules/system/miscfiles.te | 7 ++ > 3 files changed, 112 insertions(+) > > diff -pru a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc > --- a/policy/modules/system/miscfiles.fc 2017-11-04 20:14:02.301932938 +0100 > +++ b/policy/modules/system/miscfiles.fc 2017-11-05 21:21:46.574498652 +0100 > @@ -12,6 +12,7 @@ ifdef(`distro_gentoo',` > /etc/httpd/alias/[^/]*\.db(\.[^/]*)* -- gen_context(system_u:object_r:cert_t,s0) > /etc/localtime -- gen_context(system_u:object_r:locale_t,s0) > /etc/pki(/.*)? gen_context(system_u:object_r:cert_t,s0) > +/etc/pki/.*/private(/.*)? gen_context(system_u:object_r:ssl_privkey_t,s0) > /etc/ssl(/.*)? gen_context(system_u:object_r:cert_t,s0) > /etc/timezone -- gen_context(system_u:object_r:locale_t,s0) > > diff -pru a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if > --- a/policy/modules/system/miscfiles.if 2017-09-29 19:01:28.001455758 +0200 > +++ b/policy/modules/system/miscfiles.if 2017-11-05 21:46:31.113492583 +0100 > @@ -46,6 +46,51 @@ interface(`miscfiles_cert_type',` > > ######################################## > ## <summary> > +## Make the specified type usable > +## as a SSL private key file. > +## </summary> > +## <desc> > +## <p> > +## Make the specified type usable for SSL private key files. > +## This will also make the type usable for files, making > +## calls to files_type() redundant. Failure to use this interface > +## for a temporary file may result in problems with > +## SSL private key management tools. > +## </p> > +## <p> > +## Related interfaces: > +## </p> > +## <ul> > +## <li>files_type()</li> > +## </ul> > +## <p> > +## Example: > +## </p> > +## <p> > +## type mysslprivkeyfile_t; > +## ssl_privkey_type(mysslprivkeyfile_t) > +## allow mydomain_t mysslprivkeyfile_t:file read_file_perms; > +## files_search_etc(mydomain_t) > +## </p> > +## </desc> > +## <param name="type"> > +## <summary> > +## Type to be used for files. > +## </summary> > +## </param> > +## <infoflow type="none"/> > +# > +interface(`miscfiles_ssl_privkey_type',` > + gen_require(` > + attribute ssl_privkey_type; > + ') > + > + typeattribute $1 ssl_privkey_type; > + files_type($1) > +') > + > +######################################## > +## <summary> > ## Read all SSL certificates. > ## </summary> > ## <param name="domain"> > @@ -125,6 +170,65 @@ interface(`miscfiles_manage_generic_cert > ') > > ######################################## > +## <summary> > +## Read SSL private keys. > +## </summary> > +## <param name="domain"> > +## <summary> > +## Domain allowed access. > +## </summary> > +## </param> > +## <rolecap/> > +# > +interface(`miscfiles_read_ssl_privkey',` This should have "generic privkeys" in the interface name (and below), since other private keys would have different types. > + gen_require(` > + type ssl_privkey_t; > + ') > + > + allow $1 ssl_privkey_t:dir list_dir_perms; > + read_files_pattern($1, ssl_privkey_t, ssl_privkey_t) > + read_lnk_files_pattern($1, ssl_privkey_t, ssl_privkey_t) > +') > + > +######################################## > +## <summary> > +## Manage SSL private keys. > +## </summary> > +## <param name="domain"> > +## <summary> > +## Domain allowed access. > +## </summary> > +## </param> > +# > +interface(`miscfiles_manage_ssl_privkey_dirs',` > + gen_require(` > + type ssl_privkey_t; > + ') > + > + manage_dirs_pattern($1, ssl_privkey_t, ssl_privkey_t) > +') > + > +######################################## > +## <summary> > +## Manage SSL private keys. > +## </summary> > +## <param name="domain"> > +## <summary> > +## Domain allowed access. > +## </summary> > +## </param> > +## <rolecap/> > +# > +interface(`miscfiles_manage_ssl_privkey_files',` > + gen_require(` > + type ssl_privkey_t; > + ') > + > + manage_files_pattern($1, ssl_privkey_t, ssl_privkey_t) > + read_lnk_files_pattern($1, ssl_privkey_t, ssl_privkey_t) > +') > + > +######################################## > ## <summary> > ## Read fonts. > ## </summary> > diff -pru a/policy/modules/system/miscfiles.te b/policy/modules/system/miscfiles.te > --- a/policy/modules/system/miscfiles.te 2017-11-04 20:14:02.301932938 +0100 > +++ b/policy/modules/system/miscfiles.te 2017-11-05 23:22:06.926469134 +0100 > @@ -6,6 +6,7 @@ policy_module(miscfiles, 1.13.2) > # > > attribute cert_type; > +attribute ssl_privkey_type; > > # > # cert_t is the type of files in the system certs directories. > @@ -14,6 +15,12 @@ type cert_t; > miscfiles_cert_type(cert_t) > > # > +# ssl_privkey_t is the type of files for the SSL private keys. > +# > +type ssl_privkey_t; > +miscfiles_ssl_privkey_type(ssl_privkey_t) > + > +# > # fonts_t is the type of various font > # files in /usr > # -- Chris PeBenito ^ permalink raw reply [flat|nested] 11+ messages in thread
* [refpolicy] [PATCH 1/2 v5] base: create a type for SSL private keys 2017-11-08 1:48 ` [refpolicy] [PATCH 1/2 v5] base: create a type for SSL private keys Chris PeBenito @ 2017-11-08 14:55 ` Guido Trentalancia 2017-11-08 17:30 ` [refpolicy] [PATCH 1/2 v6] " Guido Trentalancia 1 sibling, 0 replies; 11+ messages in thread From: Guido Trentalancia @ 2017-11-08 14:55 UTC (permalink / raw) To: refpolicy Hello Christopher, thanks for getting back on this patchset... On the 8th of November 2017 02:48:44 CET, Chris PeBenito <pebenito@ieee.org> wrote: >On 11/05/2017 05:32 PM, Guido Trentalancia via refpolicy wrote: >> Reserve the ssl_privkey_t file label for SSL private keys (e.g. >> files in /etc/pki/*/private/). >> >> Create and use appropriate interfaces for such new scenario (so >> that SSL private keys are protected). > >Perhaps I'm just being too pedantic, but no one uses SSL, so why not >use >TLS in the type name? It is mostly for "historic" reasons *and* because the interface descriptions in miscfiles.if refer to "SSL certificates"! However, since you ask explicitly, I can change the name... >> This part (1/2) refers to the base policy changes. >> >> Signed-off-by: Guido Trentalancia <guido@trentalancia.com> >> --- >> policy/modules/system/miscfiles.fc | 1 >> policy/modules/system/miscfiles.if | 104 >+++++++++++++++++++++++++++++++++++++ >> policy/modules/system/miscfiles.te | 7 ++ >> 3 files changed, 112 insertions(+) >> >> diff -pru a/policy/modules/system/miscfiles.fc >b/policy/modules/system/miscfiles.fc >> --- a/policy/modules/system/miscfiles.fc 2017-11-04 >20:14:02.301932938 +0100 >> +++ b/policy/modules/system/miscfiles.fc 2017-11-05 >21:21:46.574498652 +0100 >> @@ -12,6 +12,7 @@ ifdef(`distro_gentoo',` >> /etc/httpd/alias/[^/]*\.db(\.[^/]*)* -- >gen_context(system_u:object_r:cert_t,s0) >> /etc/localtime -- gen_context(system_u:object_r:locale_t,s0) >> /etc/pki(/.*)? gen_context(system_u:object_r:cert_t,s0) >> >+/etc/pki/.*/private(/.*)? gen_context(system_u:object_r:ssl_privkey_t,s0) >> /etc/ssl(/.*)? gen_context(system_u:object_r:cert_t,s0) >> /etc/timezone -- gen_context(system_u:object_r:locale_t,s0) >> >> diff -pru a/policy/modules/system/miscfiles.if >b/policy/modules/system/miscfiles.if >> --- a/policy/modules/system/miscfiles.if 2017-09-29 >19:01:28.001455758 +0200 >> +++ b/policy/modules/system/miscfiles.if 2017-11-05 >21:46:31.113492583 +0100 >> @@ -46,6 +46,51 @@ interface(`miscfiles_cert_type',` >> >> ######################################## >> ## <summary> >> +## Make the specified type usable >> +## as a SSL private key file. >> +## </summary> >> +## <desc> >> +## <p> >> +## Make the specified type usable for SSL private key files. >> +## This will also make the type usable for files, making >> +## calls to files_type() redundant. Failure to use this interface >> +## for a temporary file may result in problems with >> +## SSL private key management tools. >> +## </p> >> +## <p> >> +## Related interfaces: >> +## </p> >> +## <ul> >> +## <li>files_type()</li> >> +## </ul> >> +## <p> >> +## Example: >> +## </p> >> +## <p> >> +## type mysslprivkeyfile_t; >> +## ssl_privkey_type(mysslprivkeyfile_t) >> +## allow mydomain_t mysslprivkeyfile_t:file read_file_perms; >> +## files_search_etc(mydomain_t) >> +## </p> >> +## </desc> >> +## <param name="type"> >> +## <summary> >> +## Type to be used for files. >> +## </summary> >> +## </param> >> +## <infoflow type="none"/> >> +# >> +interface(`miscfiles_ssl_privkey_type',` >> + gen_require(` >> + attribute ssl_privkey_type; >> + ') >> + >> + typeattribute $1 ssl_privkey_type; >> + files_type($1) >> +') >> + >> +######################################## >> +## <summary> >> ## Read all SSL certificates. >> ## </summary> >> ## <param name="domain"> >> @@ -125,6 +170,65 @@ interface(`miscfiles_manage_generic_cert >> ') >> >> ######################################## >> +## <summary> >> +## Read SSL private keys. >> +## </summary> >> +## <param name="domain"> >> +## <summary> >> +## Domain allowed access. >> +## </summary> >> +## </param> >> +## <rolecap/> >> +# >> +interface(`miscfiles_read_ssl_privkey',` > >This should have "generic privkeys" in the interface name (and below), >since other private keys would have different types. I do not clearly understand this point... Including the existing "SSL certificates" interfaces. There is only one type of private keys, so what's the point? They are all private keys (and "SSL certificates") shared among all servers that implement SSL/TLS. Again, since you've asked explicitly, I'll change that in a new forthcoming version, so that we get the important benefits of this patchset. >> + gen_require(` >> + type ssl_privkey_t; >> + ') >> + >> + allow $1 ssl_privkey_t:dir list_dir_perms; >> + read_files_pattern($1, ssl_privkey_t, ssl_privkey_t) >> + read_lnk_files_pattern($1, ssl_privkey_t, ssl_privkey_t) >> +') >> + >> +######################################## >> +## <summary> >> +## Manage SSL private keys. >> +## </summary> >> +## <param name="domain"> >> +## <summary> >> +## Domain allowed access. >> +## </summary> >> +## </param> >> +# >> +interface(`miscfiles_manage_ssl_privkey_dirs',` >> + gen_require(` >> + type ssl_privkey_t; >> + ') >> + >> + manage_dirs_pattern($1, ssl_privkey_t, ssl_privkey_t) >> +') >> + >> +######################################## >> +## <summary> >> +## Manage SSL private keys. >> +## </summary> >> +## <param name="domain"> >> +## <summary> >> +## Domain allowed access. >> +## </summary> >> +## </param> >> +## <rolecap/> >> +# >> +interface(`miscfiles_manage_ssl_privkey_files',` >> + gen_require(` >> + type ssl_privkey_t; >> + ') >> + >> + manage_files_pattern($1, ssl_privkey_t, ssl_privkey_t) >> + read_lnk_files_pattern($1, ssl_privkey_t, ssl_privkey_t) >> +') >> + >> +######################################## >> ## <summary> >> ## Read fonts. >> ## </summary> >> diff -pru a/policy/modules/system/miscfiles.te >b/policy/modules/system/miscfiles.te >> --- a/policy/modules/system/miscfiles.te 2017-11-04 >20:14:02.301932938 +0100 >> +++ b/policy/modules/system/miscfiles.te 2017-11-05 >23:22:06.926469134 +0100 >> @@ -6,6 +6,7 @@ policy_module(miscfiles, 1.13.2) >> # >> >> attribute cert_type; >> +attribute ssl_privkey_type; >> >> # >> # cert_t is the type of files in the system certs directories. >> @@ -14,6 +15,12 @@ type cert_t; >> miscfiles_cert_type(cert_t) >> >> # >> +# ssl_privkey_t is the type of files for the SSL private keys. >> +# >> +type ssl_privkey_t; >> +miscfiles_ssl_privkey_type(ssl_privkey_t) >> + >> +# >> # fonts_t is the type of various font >> # files in /usr >> # Regards, Guido ^ permalink raw reply [flat|nested] 11+ messages in thread
* [refpolicy] [PATCH 1/2 v6] base: create a type for SSL private keys 2017-11-08 1:48 ` [refpolicy] [PATCH 1/2 v5] base: create a type for SSL private keys Chris PeBenito 2017-11-08 14:55 ` Guido Trentalancia @ 2017-11-08 17:30 ` Guido Trentalancia 2017-11-09 22:26 ` Chris PeBenito 1 sibling, 1 reply; 11+ messages in thread From: Guido Trentalancia @ 2017-11-08 17:30 UTC (permalink / raw) To: refpolicy Reserve the tls_privkey_t file label for SSL/TLS private keys (e.g. files in /etc/pki/*/private/). Create and use appropriate interfaces for such new scenario (so that SSL/TLS private keys are protected). This part (1/2) refers to the base policy changes. Signed-off-by: Guido Trentalancia <guido@trentalancia.com> --- policy/modules/system/miscfiles.fc | 1 policy/modules/system/miscfiles.if | 115 +++++++++++++++++++++++++++++++++++-- policy/modules/system/miscfiles.te | 7 ++ 3 files changed, 119 insertions(+), 4 deletions(-) diff -pru a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc --- a/policy/modules/system/miscfiles.fc 2017-11-04 20:14:02.301932938 +0100 +++ b/policy/modules/system/miscfiles.fc 2017-11-08 18:06:34.725072030 +0100 @@ -12,6 +12,7 @@ ifdef(`distro_gentoo',` /etc/httpd/alias/[^/]*\.db(\.[^/]*)* -- gen_context(system_u:object_r:cert_t,s0) /etc/localtime -- gen_context(system_u:object_r:locale_t,s0) /etc/pki(/.*)? gen_context(system_u:object_r:cert_t,s0) +/etc/pki/.*/private(/.*)? gen_context(system_u:object_r:tls_privkey_t,s0) /etc/ssl(/.*)? gen_context(system_u:object_r:cert_t,s0) /etc/timezone -- gen_context(system_u:object_r:locale_t,s0) diff -pru a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if --- a/policy/modules/system/miscfiles.if 2017-09-29 19:01:28.001455758 +0200 +++ b/policy/modules/system/miscfiles.if 2017-11-08 18:14:41.502070040 +0100 @@ -46,7 +46,52 @@ interface(`miscfiles_cert_type',` ######################################## ## <summary> -## Read all SSL certificates. +## Make the specified type usable +## as a SSL/TLS private key file. +## </summary> +## <desc> +## <p> +## Make the specified type usable for SSL/TLS private key files. +## This will also make the type usable for files, making +## calls to files_type() redundant. Failure to use this interface +## for a temporary file may result in problems with +## SSL/TLS private key management tools. +## </p> +## <p> +## Related interfaces: +## </p> +## <ul> +## <li>files_type()</li> +## </ul> +## <p> +## Example: +## </p> +## <p> +## type mytlsprivkeyfile_t; +## tls_privkey_type(mytlsprivkeyfile_t) +## allow mydomain_t mytlsprivkeyfile_t:file read_file_perms; +## files_search_etc(mydomain_t) +## </p> +## </desc> +## <param name="type"> +## <summary> +## Type to be used for files. +## </summary> +## </param> +## <infoflow type="none"/> +# +interface(`miscfiles_tls_privkey_type',` + gen_require(` + attribute tls_privkey_type; + ') + + typeattribute $1 tls_privkey_type; + files_type($1) +') + +######################################## +## <summary> +## Read all SSL/TLS certificates. ## </summary> ## <param name="domain"> ## <summary> @@ -67,7 +112,7 @@ interface(`miscfiles_read_all_certs',` ######################################## ## <summary> -## Read generic SSL certificates. +## Read generic SSL/TLS certificates. ## </summary> ## <param name="domain"> ## <summary> @@ -88,7 +133,7 @@ interface(`miscfiles_read_generic_certs' ######################################## ## <summary> -## Manage generic SSL certificates. +## Manage generic SSL/TLS certificates. ## </summary> ## <param name="domain"> ## <summary> @@ -106,7 +151,7 @@ interface(`miscfiles_manage_generic_cert ######################################## ## <summary> -## Manage generic SSL certificates. +## Manage generic SSL/TLS certificates. ## </summary> ## <param name="domain"> ## <summary> @@ -125,6 +170,68 @@ interface(`miscfiles_manage_generic_cert ') ######################################## +## <summary> +## Read generic SSL/TLS private +## keys. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +## <rolecap/> +# +interface(`miscfiles_read_generic_tls_privkey',` + gen_require(` + type tls_privkey_t; + ') + + allow $1 tls_privkey_t:dir list_dir_perms; + read_files_pattern($1, tls_privkey_t, tls_privkey_t) + read_lnk_files_pattern($1, tls_privkey_t, tls_privkey_t) +') + +######################################## +## <summary> +## Manage generic SSL/TLS private +## keys. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`miscfiles_manage_generic_tls_privkey_dirs',` + gen_require(` + type tls_privkey_t; + ') + + manage_dirs_pattern($1, tls_privkey_t, tls_privkey_t) +') + +######################################## +## <summary> +## Manage generic SSL/TLS private +## keys. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +## <rolecap/> +# +interface(`miscfiles_manage_generic_tls_privkey_files',` + gen_require(` + type tls_privkey_t; + ') + + manage_files_pattern($1, tls_privkey_t, tls_privkey_t) + read_lnk_files_pattern($1, tls_privkey_t, tls_privkey_t) +') + +######################################## ## <summary> ## Read fonts. ## </summary> diff -pru a/policy/modules/system/miscfiles.te b/policy/modules/system/miscfiles.te --- a/policy/modules/system/miscfiles.te 2017-11-04 20:14:02.301932938 +0100 +++ b/policy/modules/system/miscfiles.te 2017-11-08 18:08:26.250071574 +0100 @@ -6,6 +6,7 @@ policy_module(miscfiles, 1.13.2) # attribute cert_type; +attribute tls_privkey_type; # # cert_t is the type of files in the system certs directories. @@ -14,6 +15,12 @@ type cert_t; miscfiles_cert_type(cert_t) # +# tls_privkey_t is the type of files for the SSL/TLS private keys. +# +type tls_privkey_t; +miscfiles_tls_privkey_type(tls_privkey_t) + +# # fonts_t is the type of various font # files in /usr # ^ permalink raw reply [flat|nested] 11+ messages in thread
* [refpolicy] [PATCH 1/2 v6] base: create a type for SSL private keys 2017-11-08 17:30 ` [refpolicy] [PATCH 1/2 v6] " Guido Trentalancia @ 2017-11-09 22:26 ` Chris PeBenito 0 siblings, 0 replies; 11+ messages in thread From: Chris PeBenito @ 2017-11-09 22:26 UTC (permalink / raw) To: refpolicy On 11/08/2017 12:30 PM, Guido Trentalancia via refpolicy wrote: > Reserve the tls_privkey_t file label for SSL/TLS private keys (e.g. > files in /etc/pki/*/private/). > > Create and use appropriate interfaces for such new scenario (so > that SSL/TLS private keys are protected). > > This part (1/2) refers to the base policy changes. > > Signed-off-by: Guido Trentalancia <guido@trentalancia.com> > --- > policy/modules/system/miscfiles.fc | 1 > policy/modules/system/miscfiles.if | 115 +++++++++++++++++++++++++++++++++++-- > policy/modules/system/miscfiles.te | 7 ++ > 3 files changed, 119 insertions(+), 4 deletions(-) > > diff -pru a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc > --- a/policy/modules/system/miscfiles.fc 2017-11-04 20:14:02.301932938 +0100 > +++ b/policy/modules/system/miscfiles.fc 2017-11-08 18:06:34.725072030 +0100 > @@ -12,6 +12,7 @@ ifdef(`distro_gentoo',` > /etc/httpd/alias/[^/]*\.db(\.[^/]*)* -- gen_context(system_u:object_r:cert_t,s0) > /etc/localtime -- gen_context(system_u:object_r:locale_t,s0) > /etc/pki(/.*)? gen_context(system_u:object_r:cert_t,s0) > +/etc/pki/.*/private(/.*)? gen_context(system_u:object_r:tls_privkey_t,s0) > /etc/ssl(/.*)? gen_context(system_u:object_r:cert_t,s0) > /etc/timezone -- gen_context(system_u:object_r:locale_t,s0) > > diff -pru a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if > --- a/policy/modules/system/miscfiles.if 2017-09-29 19:01:28.001455758 +0200 > +++ b/policy/modules/system/miscfiles.if 2017-11-08 18:14:41.502070040 +0100 > @@ -46,7 +46,52 @@ interface(`miscfiles_cert_type',` > > ######################################## > ## <summary> > -## Read all SSL certificates. > +## Make the specified type usable > +## as a SSL/TLS private key file. > +## </summary> > +## <desc> > +## <p> > +## Make the specified type usable for SSL/TLS private key files. > +## This will also make the type usable for files, making > +## calls to files_type() redundant. Failure to use this interface > +## for a temporary file may result in problems with > +## SSL/TLS private key management tools. > +## </p> > +## <p> > +## Related interfaces: > +## </p> > +## <ul> > +## <li>files_type()</li> > +## </ul> > +## <p> > +## Example: > +## </p> > +## <p> > +## type mytlsprivkeyfile_t; > +## tls_privkey_type(mytlsprivkeyfile_t) > +## allow mydomain_t mytlsprivkeyfile_t:file read_file_perms; > +## files_search_etc(mydomain_t) > +## </p> > +## </desc> > +## <param name="type"> > +## <summary> > +## Type to be used for files. > +## </summary> > +## </param> > +## <infoflow type="none"/> > +# > +interface(`miscfiles_tls_privkey_type',` > + gen_require(` > + attribute tls_privkey_type; > + ') > + > + typeattribute $1 tls_privkey_type; > + files_type($1) > +') > + > +######################################## > +## <summary> > +## Read all SSL/TLS certificates. > ## </summary> > ## <param name="domain"> > ## <summary> > @@ -67,7 +112,7 @@ interface(`miscfiles_read_all_certs',` > > ######################################## > ## <summary> > -## Read generic SSL certificates. > +## Read generic SSL/TLS certificates. > ## </summary> > ## <param name="domain"> > ## <summary> > @@ -88,7 +133,7 @@ interface(`miscfiles_read_generic_certs' > > ######################################## > ## <summary> > -## Manage generic SSL certificates. > +## Manage generic SSL/TLS certificates. > ## </summary> > ## <param name="domain"> > ## <summary> > @@ -106,7 +151,7 @@ interface(`miscfiles_manage_generic_cert > > ######################################## > ## <summary> > -## Manage generic SSL certificates. > +## Manage generic SSL/TLS certificates. > ## </summary> > ## <param name="domain"> > ## <summary> > @@ -125,6 +170,68 @@ interface(`miscfiles_manage_generic_cert > ') > > ######################################## > +## <summary> > +## Read generic SSL/TLS private > +## keys. > +## </summary> > +## <param name="domain"> > +## <summary> > +## Domain allowed access. > +## </summary> > +## </param> > +## <rolecap/> > +# > +interface(`miscfiles_read_generic_tls_privkey',` > + gen_require(` > + type tls_privkey_t; > + ') > + > + allow $1 tls_privkey_t:dir list_dir_perms; > + read_files_pattern($1, tls_privkey_t, tls_privkey_t) > + read_lnk_files_pattern($1, tls_privkey_t, tls_privkey_t) > +') > + > +######################################## > +## <summary> > +## Manage generic SSL/TLS private > +## keys. > +## </summary> > +## <param name="domain"> > +## <summary> > +## Domain allowed access. > +## </summary> > +## </param> > +# > +interface(`miscfiles_manage_generic_tls_privkey_dirs',` > + gen_require(` > + type tls_privkey_t; > + ') > + > + manage_dirs_pattern($1, tls_privkey_t, tls_privkey_t) > +') > + > +######################################## > +## <summary> > +## Manage generic SSL/TLS private > +## keys. > +## </summary> > +## <param name="domain"> > +## <summary> > +## Domain allowed access. > +## </summary> > +## </param> > +## <rolecap/> > +# > +interface(`miscfiles_manage_generic_tls_privkey_files',` > + gen_require(` > + type tls_privkey_t; > + ') > + > + manage_files_pattern($1, tls_privkey_t, tls_privkey_t) > + read_lnk_files_pattern($1, tls_privkey_t, tls_privkey_t) > +') > + > +######################################## > ## <summary> > ## Read fonts. > ## </summary> > diff -pru a/policy/modules/system/miscfiles.te b/policy/modules/system/miscfiles.te > --- a/policy/modules/system/miscfiles.te 2017-11-04 20:14:02.301932938 +0100 > +++ b/policy/modules/system/miscfiles.te 2017-11-08 18:08:26.250071574 +0100 > @@ -6,6 +6,7 @@ policy_module(miscfiles, 1.13.2) > # > > attribute cert_type; > +attribute tls_privkey_type; > > # > # cert_t is the type of files in the system certs directories. > @@ -14,6 +15,12 @@ type cert_t; > miscfiles_cert_type(cert_t) > > # > +# tls_privkey_t is the type of files for the SSL/TLS private keys. > +# > +type tls_privkey_t; > +miscfiles_tls_privkey_type(tls_privkey_t) > + > +# > # fonts_t is the type of various font > # files in /usr > # Merged. -- Chris PeBenito ^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2017-11-09 22:26 UTC | newest] Thread overview: 11+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2017-11-05 2:28 [refpolicy] [PATCH 1/2] base: label generic SSL certificates as standard files Guido Trentalancia 2017-11-05 0:39 ` Russell Coker 2017-11-05 3:02 ` Guido Trentalancia 2017-11-05 2:55 ` [refpolicy] [PATCH 1/2 v2] " Guido Trentalancia 2017-11-05 3:06 ` [refpolicy] [PATCH 1/2 v3] " Guido Trentalancia 2017-11-05 4:43 ` [refpolicy] [PATCH 1/2 v4] " Guido Trentalancia 2017-11-05 22:32 ` [refpolicy] [PATCH 1/2 v5] base: create a type for SSL private keys (was: "label generic SSL certificates as standard files") Guido Trentalancia 2017-11-08 1:48 ` [refpolicy] [PATCH 1/2 v5] base: create a type for SSL private keys Chris PeBenito 2017-11-08 14:55 ` Guido Trentalancia 2017-11-08 17:30 ` [refpolicy] [PATCH 1/2 v6] " Guido Trentalancia 2017-11-09 22:26 ` Chris PeBenito
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.