[refpolicy] What is security_file_type and auth_file_type?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: dwalsh@redhat.com (Daniel J Walsh)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] What is security_file_type and auth_file_type?
Date: Tue, 23 Dec 2014 13:13:57 -0500	[thread overview]
Message-ID: <5499B0E5.5050603@redhat.com> (raw)
In-Reply-To: <20141223171448.GA8230@siphos.be>


On 12/23/2014 12:14 PM, Sven Vermeulen wrote:
> On Mon, Dec 22, 2014 at 09:23:42AM -0500, Daniel J Walsh wrote:
>> I see security_file_type as being the type associated with types that
>> should not be READ, not written.
>> /etc/shadow and friends. 
>>
>>  seinfo -asecurity_file_type  -x
>>    security_file_type
>>       selinux_config_t
>>       default_context_t
>>       dnssec_t
>>       shadow_t
>>       krb5_keytab_t
>>       selinux_login_config_t
>>       file_context_t
>>       audit_spool_t
>>       semanage_store_t
>>       auditd_etc_t
>>       auditd_log_t
>>       random_seed_t
>>
>> Although a couple of these (selinux config types) should probably not be
>> included.  
> So things like private keys and passwords (or password containing files) I
> can understand. Why would auditd related files be considered to be "not
> readable"? What leaks/problems do you see with access to those files that
> are so severe?
I can see the audit_log_t files and perhaps files that MLS folks
classify as SystemHigh.  The audit config, should not be considered a
security_file_type.  Bottom line is we should define this type.  I think
files that potentially contain system secrets would be appropriate and
then remove the type from other files.
> Wkr,
> 	Sven Vermeulen
>
> PS At least you can still query which types have security_file_type set.
>    With the 2.4 userspace if the attribute is not directly used in rules,
>    then it is no longer part of the policy:
>
>    ~# seinfo -asecurity_file_type -x
>    ERROR: Provided attribute (security_file_type) is not a valid attribute
>    name.
>
>    This is because the security_file_type is used for /excluding/ those
>    types from rules (like "{ file_type -security_file_type }").

     prev parent reply	other threads:[~2014-12-23 18:13 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-12-21 10:11 [refpolicy] What is security_file_type and auth_file_type? Sven Vermeulen
2014-12-22 14:23 ` Daniel J Walsh
2014-12-23 17:14   ` Sven Vermeulen
2014-12-23 18:13     ` Daniel J Walsh [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5499B0E5.5050603@redhat.com \
    --to=dwalsh@redhat.com \
    --cc=refpolicy@oss.tresys.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.