SELinux Mailing List

Re: New policy for DCC

From: Russell Coker <russell_at_coker.com.au>
Date: Fri, 22 Apr 2005 00:54:18 +1000


On Tuesday 22 March 2005 12:23, David Hampton <hampton-rh@rainbolthampton.net> wrote:
> This is a new strict policy for the DCC spam filter. It is based on the
> selinux-policy-strict-sources-1.23.2-1 fedora RPM. This policy requires
> the definition of dcc reserved ports that were in the net_contexts diff
> I sent last Wednesday. Please let me know if there are any problems
> with or changes needed to this policy.

Firstly, daemons should not be started with su. For correct handling of terminal file handles you should use /sbin/runuser to change the UID; it also requires less policy, which makes things easier.

Why do you use init_service_domain() and domain_auto_trans(initrc_t, dcc_script_exec_t, dcc_script_t)?

Surely the daemon is to be started either from inittab or from an /etc/init.d script but not both.

Putting a unix domain socket in /etc is wrong. Among other things it will probably break things for anyone who wants to run with a read-only root file system.

Types used under the /var/run directory generally should have the pidfile attribute so that they can be cleaned up by boot scripts if necessary.

There is a type dccm_sock_t defined which is not in the .fc file.

Allowing access to sshd_t:fd is not what you want, you want to use privfd:fd to allow the administrator to use a console login. Also you want to use admin_tty_type:chr_file instead of sysadm_devpts_t:chr_file for the same reason.

I have attached some patches, but I think that more will need to be done.

For starters, I don't think that there is a good cause for seven domains. Postfix has the current record with 13 domains, and I believe that Postfix has too many; one of the reasons why I asked Tresys to add a feature to apol to compare the access granted to domains was to determine which domains of Postfix are not needed.

Without even knowing what DCC does I feel confident in guessing that it's not nearly half as complex as Postfix and doesn't need so many domains. Excessive domains make the policy difficult to analyse. For starters, dccifd_t and dccm_t can be merged.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.

Received on Thu 21 Apr 2005 - 20:06:08 EDT
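The points raised above (one daemon domain started from the init script only, a /var/run type carrying the pidfile attribute, the socket moved out of /etc, and privfd/admin_tty_type instead of sshd_t/sysadm_devpts_t) can be shown in a small fragment of strict-policy source. This is an added illustration, not the policy David Hampton posted nor anything from the DCC project. It assumes the macro names of the 1.23-era strict policy (daemon_domain, file_type_auto_trans, rw_file_perms), and that daemon_domain() declares dcc_var_run_t with the pidfile attribute and the file transition into it; the merged domain name dcc_t, the path /usr/sbin/dccd and the socket directory /var/run/dcc are hypothetical.

```selinux
# dcc.te (added example; names are hypothetical)

# One domain for the daemon, entered only from an /etc/init.d script.
# daemon_domain() already provides the initrc_t -> dcc_t transition via
# dcc_exec_t, so neither init_service_domain() nor an extra
# domain_auto_trans(initrc_t, ...) is needed.  It also declares
# dcc_var_run_t with the pidfile attribute (so boot scripts may clean it
# up) and the file transition for the PID file.
daemon_domain(dcc)

# The unix domain socket belongs under /var/run, not /etc, so a read-only
# root file system keeps working.  Label it with the same pidfile type.
file_type_auto_trans(dcc_t, var_run_t, dcc_var_run_t, sock_file)

# Console and ssh logins of the administrator are covered by the privfd
# and admin_tty_type attributes; do not name sshd_t or sysadm_devpts_t.
allow dcc_t privfd:fd use;
allow dcc_t admin_tty_type:chr_file rw_file_perms;

# dcc.fc (added example): every type used above appears in the .fc file.
# /usr/sbin/dccd            --  system_u:object_r:dcc_exec_t
# /var/run/dcc(/.*)?            system_u:object_r:dcc_var_run_t
```

With the daemon started as `runuser -s /bin/sh dcc -c /usr/sbin/dccd` from the init script rather than through su, no su-related rules are needed in dcc.te at all, which is the smaller policy the reply above refers to. Any type declared in the .te file that has no entry in the .fc file (as with dccm_sock_t above) should be either given a file context line or dropped.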

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009
National Security Agency / Central Security Service