On 09/03/2013 12:29 PM, Michael scherer wrote: > On Tue, Sep 03, 2013 at 09:48:52AM -0600, Kevin Fenzi wrote: >> On Tue, 03 Sep 2013 10:10:32 -0400 >> Jay Greguske <jgregusk@xxxxxxxxxx> wrote: >> >>> If we had SELinux policy enabled on the builders and used MLS on the >>> chroots that would mitigate chroot-to-chroot attacks. I'm not sure if >>> policy could prevent a chroot'ed process from getting access to the >>> builder's certificate. If it could, I think getting SELinux working on >>> the builders would be an easier path than re-writing koji to use VMs. >>> >>> Maybe someone with more expertise could comment on the latter issue. >> >> In the past we had selinux disabled on the builders, as mock didn't >> handle selinux very well at all and there were issues. (even in >> permissive mode). >> >> With this switch to Fedora 19 for builders, we also enabled selinux in >> permissive mode to gather information on any outstanding issues/avcs. >> >> Ideally I would like to get them all to enforcing and make sure we lock >> down the builds as much as we are able from the vm. > > the main issue is that mock should do the transition to a different domain once it > run anything in chroot. I do have a patch but I was not able to make a policy for the transition > ( or my patch is buggy ) and I didn't look at it since a few weeks. I can send it > if someone want to take a look. > Please post it. :) -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
