Re: SELinux issues

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2004-04-21 at 18:57, Thomas Bleher wrote:

> Not sure what you mean by "incompatible". Writing policy for fam is not
> difficult, in fact I have written some policy for fam some time ago
> (diff against CVS attached). It is however impossible to prevent some
> information leakage when using fam. The attached policy is very liberal
> regarding this, allowing any userdomain to monitor any file. For a more
> secure setup fam should only be able to monitor user_home_t and
> user_tmp_t. 

Well, that's not the only thing that it's desirable to monitor.  For
example, the GNOME theme manager monitors the theme installation
directory, so if you install a new theme, it automatically shows up in
the theme list.  Similarly with the menu system.

> A full solution requires modifications to fam: it should check the
> security context of the caller (like it does already with uid and gid)
> and only monitor the files if they can be accessed by the caller.

Right - I think someone here looked at doing that and just gave up.  We
have someone working on writing a new file monitoring system, hopefully
something will happen there soon.

Anyways, I think it makes some sense to include your FAM policy as a
temporary solution for people who run SELinux and also want the file
monitoring.  But I will leave that decision up to Dan Walsh, the main
policy maintainer.  Hopefully he'll comment here.

> http://www.cip.ifi.lmu.de/~bleher/selinux/ - my SELinux pages

I see you're using Arch to maintain the policy, very cool.  I really
wish we could do that here.  Editing patches in Emacs' diff-mode and
committing to CVS just isn't quite the same...

Attachment: signature.asc
Description: This is a digitally signed message part


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux