SELinux Mailing List

Subject: Re: New policy for DCC
From: Russell Coker <russell_at_coker.com.au>
Date: Fri, 22 Apr 2005 00:54:18 +1000
Firstly, daemons should not be started with su. For correct handling of terminal file handles you should use /sbin/runuser to change the UID; it also requires less policy, which makes things easier.

Why do you use init_service_domain() and domain_auto_trans(initrc_t, dcc_script_exec_t, dcc_script_t)? Surely the daemon is to be started either from inittab or from an /etc/init.d script, but not both.

Putting a unix domain socket in /etc is wrong. Among other things it will probably break things for anyone who wants to run with a read-only root file system.

Types used under the /var/run directory generally should have the pidfile attribute so that they can be cleaned up by boot scripts if necessary.

There is a type dccm_sock_t defined which is not in the .fc file.

Allowing access to sshd_t:fd is not what you want; you want to use privfd:fd to allow the administrator to use a console login. Also you want to use admin_tty_type:chr_file instead of sysadm_devpts_t:chr_file for the same reason.

I have attached some patches, but I think that more will need to be done.

For starters I don't think that there is a good cause for seven domains. Postfix has the current record with 13 domains and I believe that Postfix has too many; one of the reasons why I asked Tresys to add a feature to apol to compare the access granted to domains was to determine which domains of Postfix are not needed. Without even knowing what DCC does I feel confident in guessing that it's not nearly half as complex as Postfix and doesn't need so many domains. Excessive domains make the policy difficult to analyse. For starters dccifd_t and dccm_t can be merged.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Received on Thu 21 Apr 2005 - 20:06:08 EDT
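The points raised in the message above (one entry domain transitioned from initrc_t, socket and pid file under /var/run with the pidfile attribute, privfd:fd and admin_tty_type:chr_file instead of sshd_t:fd and sysadm_devpts_t:chr_file, and dccifd and dccm sharing a single domain) collected into a policy fragment in the macro style of the 2005 NSA example policy. This is an added illustration written for this page, not the patches Russell attached, the policy under review, or anything shipped by the DCC project. The domain names dcc_t, dcc_exec_t, dcc_var_run_t and dcc_var_lib_t, the install paths in the .fc section, and the assumption that the daemons need generic network access are all assumptions made here; adjust them to the package you are actually labelling.

```selinux
#
# dcc.te  (hypothetical; assumed names, written against the 2005 example-policy macros)
#
# One domain for the client-side DCC daemons (dccifd and dccm).  The message
# above argues that they do not need separate domains, so both binaries get
# the same entry type and run in dcc_t.
type dcc_t, domain, privlog, daemon;
type dcc_exec_t, file_type, sysadmfile, exec_type;

# A single way in: the /etc/init.d script (initrc_t) executes dcc_exec_t and
# the process lands in dcc_t.  No init_service_domain(), so there is no second
# transition path from inittab to keep consistent with this one.
domain_auto_trans(initrc_t, dcc_exec_t, dcc_t)

# Runtime state (pid file and the unix domain socket) goes under /var/run, not
# /etc, so a read-only root file system still works.  The pidfile attribute
# lets the boot scripts clean up stale entries after an unclean shutdown.
type dcc_var_run_t, file_type, sysadmfile, pidfile;
file_type_auto_trans(dcc_t, var_run_t, dcc_var_run_t, { file sock_file })

# Persistent data under /var/lib (assumed location for the DCC databases).
type dcc_var_lib_t, file_type, sysadmfile;
create_dir_file(dcc_t, dcc_var_lib_t)

# When the administrator starts the daemon by hand, inherit descriptors and the
# terminal through the attributes rather than naming sshd_t and sysadm_devpts_t:
# privfd covers every privileged login path (console, ssh, ...), and
# admin_tty_type covers both ttys and ptys used by an administrator.
allow dcc_t privfd:fd use;
allow dcc_t admin_tty_type:chr_file rw_file_perms;

# Assumption: DCC talks to its servers over the network.
can_network(dcc_t)

#
# dcc.fc  (hypothetical paths; every type declared above has a labelling rule)
#
/usr/bin/dccifd         --  system_u:object_r:dcc_exec_t
/usr/bin/dccm           --  system_u:object_r:dcc_exec_t
/var/run/dcc(/.*)?          system_u:object_r:dcc_var_run_t
/var/lib/dcc(/.*)?          system_u:object_r:dcc_var_lib_t
```

A quick consistency check before building: every type declared in the .te file should appear in the .fc file (the message notes a dccm_sock_t that did not), every runtime type under /var/run should carry pidfile, and the only domain_auto_trans into dcc_t should come from initrc_t, since the init script, not inittab, is the one supported way to start the service.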
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009