SELinux Mailing List
Re: Proposed policy feature: $1_domain attribute
From: Russell Coker <russell_at_coker.com.au>
Date: Tue, 19 Apr 2005 23:32:26 +1000
I'm catching up on email. I object to the policy you suggest above for the same reasons as everyone else. However I believe that there is one significant point which has been overlooked.
If I want to allow a domain (such as staff_t) to be able to manage the role
user_r then there is currently no complete way of doing it. Policy such as
the following is commonly used to allow staff_t to kill user processes that
are doing undesired things:
This of course doesn't permit staff_t to see or kill user_gpg_t etc.
Something like the following might be useful:
can_ps(staff_t, user_domain)
If I was running a university shell server I would probably give some trusted
postgrad students access to UID 0 and have policy such as the following:
can_ps(postgrad_t, user_domain)
That would keep the under-graduate students in line...

So I think that having an attribute for user domains makes sense. Having an attribute named user_domain as well as an attribute userdomain is a bad idea. The name $1_domain seems appropriate, so maybe we should rename the current userdomain attribute to user_login_domain (which is a better name anyway) before implementing this.

We could then have assertions to prevent the obvious mistakes such as allowing ptrace of a more privileged process in the policy macros for gpg etc.

--
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Received on Tue 19 Apr 2005 - 20:39:03 EDT
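The attribute-based rules and the ptrace assertion discussed in this message, written out as raw policy statements. This is an added example, not part of the original post or of the SELinux example policy; it does not use can_ps (whose definition is not shown on this page), and the type names and permission sets are assumptions.

```selinux
# Added illustration; every type and attribute name below is an assumption.
# Fragment for a policy that already defines the standard object classes.

# One attribute per role prefix: every domain created for user_r carries it.
attribute user_domain;

type user_t, user_domain;        # login domain for user_r
type user_gpg_t, user_domain;    # derived domain created by the gpg macro
type staff_t;
type sysadm_t;

# See the processes: /proc/<pid> entries carry the label of the process.
allow staff_t user_domain:dir { search getattr read };
allow staff_t user_domain:{ file lnk_file } { read getattr };
allow staff_t user_domain:process getattr;

# Stop or kill them.
allow staff_t user_domain:process { signal sigkill sigstop };

# Assertion: compilation fails if any rule, including one expanded from a
# per-program macro, lets a user_r domain ptrace a more privileged domain.
neverallow user_domain { staff_t sysadm_t }:process ptrace;
```

Because the rules name the attribute rather than individual types, a derived domain added later is covered by both the allow rules and the assertion as soon as it is declared with user_domain.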
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009