On Wed, 2004-09-01 at 02:37, Russell Coker wrote:
> One thing to remember is that any time you see user_t in policy it's a local
> customisation or a bug.
>
> In this case it seems to me that one correct way of writing policy for this is
> the following:
> allow { dbus_client_domain userdomain } etc_dbusd_t:dir { search };
> allow { dbus_client_domain userdomain } etc_dbusd_t:file { getattr read };
> allow { dbus_client_domain userdomain } user_t:netlink_selinux_socket { bind
> create };
>
> But then we are granting almost every domain that has any significance in the
> security of the system read access. So why not just label the files as etc_t
> and remove the etc_dbusd_t type entirely?
These permissions shouldn't be granted directly to the user domains. We
need per-userdomain dbusd domains defined via a macro for the
per-session message bus.
--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency
