On Wed, 2009-07-29 at 23:01 +1000, James Morris wrote:
> On Wed, 29 Jul 2009, Stephen Smalley wrote:
>
> > So I think the only piece of the proposal that is orthogonal to SELinux
> > is privilege bracketing within the program (dropping caps after use).
> > But the changes to the file and directory permissions seem more
> > questionable.
>
> Once we have access control on policy itself, we may be able to provide an
> API where an application can toggle a boolean on itself, e.g. to perform
> one action with broader permissions, then switch to a tighter set of
> permissions. This might be implementable in a way which also prevents
> applications from ever gaining more permissions (via typebounds).

We can actually already apply fine-grained access control on temporary
changes to booleans - just specify a distinct label for the boolean in
policy (via genfscon selinuxfs entries) and then control who can write to
that file type. However, note that such changes affect all processes
running in a given domain, so it isn't precisely the same thing as process
privilege bracketing.

--
Stephen Smalley
National Security Agency

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
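The labeling scheme Stephen describes, written out as an added policy fragment in reference-policy .te style; it is not from the mail or from any shipped policy, and the domain, type and boolean names (myapp_t, myapp_data_t, myapp_bool_t, myapp_extra_access) are assumptions.

```text
# Added example (hypothetical names): give one boolean its own selinuxfs
# label so that only a chosen domain is allowed to flip it.

type myapp_t;
type myapp_data_t;

# Distinct type for the selinuxfs node of this one boolean. Other boolean
# nodes keep the generic label, so existing "may write booleans" rules
# do not cover this one.
type myapp_bool_t;

bool myapp_extra_access false;

# In a raw policy.conf this line belongs in the genfs_contexts section
# near the end; refpolicy's build reorders it for you.
genfscon selinuxfs /booleans/myapp_extra_access gen_context(system_u:object_r:myapp_bool_t,s0)

# Only myapp_t may reach the node, write it, and commit the change.
allow myapp_t security_t:dir search;
allow myapp_t myapp_bool_t:file { read write };
allow myapp_t security_t:security setbool;

# Rules keyed on the boolean. As the mail notes, the toggle is visible to
# every process in myapp_t at once, not just the one that flipped it.
if (myapp_extra_access) {
    allow myapp_t myapp_data_t:file { read write };
}
```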