Re: Helper program for a daemon

Al Pacifico wrote:
I (a greenhorn with selinux) am writing a policy for a daemon that streams music files over my home network to a music player client (a Slimdevices Squeezebox). My OS is FC5.

The main daemon (/usr/sbin/slimserver) is a perl script that serves the music files and is started with an init script. My questions have to do with a secondary program (/usr/sbin/slimserver-scanner, also a perl script) that scans the music on the server, reading mp3 tags and such, and generates a database of stored music that is stored in a MySQL database. /usr/sbin/slimserver-scanner is invoked by the /usr/sbin/slimserver daemon and might be invoked by the user (although I can't recall ever doing so in several years of owning a Squeezebox).

I've been following the example posted by Dan Walsh in a blog at http://danwalsh.livejournal.com/8707.html?thread=39171 which has been extremely helpful.

My (2) questions:
1. What is the appropriate file context for the scanner program?
system_u:object_r:sbin_t?
system_u:object_r:slimserver_t?
system_u:object_r:slimserver_exec_t?

That depends on your security goals. If you want the slimserver-scanner to have the same privs as slimserver you would label it sbin_t and allow slimserver to corecmd_exec_sbin(). If you want to go with least privs, you would create a new policy for slimserver-scanner (slimserver_scanner_t with file context of slimserver_scanner_exec_t) and then add a rule to slimserver_t to domtrans
slimserver_scanner_domtrans(slimserver_t)

The generated slimserver.fc file contains:
# slimserver executable will have:
# label: system_u:object_r:slimserver_exec_t
# MLS sensitivity: s0
# MCS categories: <none>

/usr/sbin/slimserver -- gen_context(system_u:object_r:slimserver_exec_t,s0)
/var/run/slimserver.pid gen_context(system_u:object_r:slimserver_var_run_t,s0)
/var/log/slimserver gen_context(system_u:object_r:slimserver_var_log_t,s0)

and the slimserver.if file contains:
interface(`slimserver_domtrans',`
        gen_require(`
                type slimserver_t, slimserver_exec_t;
        ')

        domain_auto_trans($1,slimserver_exec_t,slimserver_t)

        allow $1 slimserver_t:fd use;
        allow slimserver_t $1:fd use;
        allow slimserver_t $1:fifo_file rw_file_perms;
        allow slimserver_t $1:process sigchld;
')

2. There is no reason the scanner program should be added to the slimserver.fc that was generated by policygentool, is there?
Only if you are creating a context for slimserver_scanner_exec_t, otherwise just let it be labeled sbin_t.
The file itself just needs to be labeled appropriately, right? Or does that file play some role in policy compilation in a step that I did not explicitly execute when I invoked 'make -f /usr/share/selinux/devel/Makefile'?

Thanks in advance.
-al
--
Al Pacifico
Seattle, WA
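The least-privilege layout suggested in the reply to question 1 (a separate slimserver_scanner module whose domtrans interface is called from slimserver_t), written out as an added example; this is not code from the thread or from the slimserver project, and the file names, the version number and the two access rules for perl and MySQL are assumptions:

```selinux
# slimserver_scanner.fc -- the scanner gets its own entry-point type
/usr/sbin/slimserver-scanner	--	gen_context(system_u:object_r:slimserver_scanner_exec_t,s0)

# slimserver_scanner.te -- a separate, narrower domain for the scanner
policy_module(slimserver_scanner, 0.1.0)

type slimserver_scanner_t;
type slimserver_scanner_exec_t;
domain_type(slimserver_scanner_t)
domain_entry_file(slimserver_scanner_t, slimserver_scanner_exec_t)
role system_r types slimserver_scanner_t;

# The scanner is a perl script, so it must be able to exec the interpreter.
# Everything else it needs (reading the music files, talking to MySQL) is an
# assumption here; the real list comes from the AVC denials you see in
# permissive mode, not from guessing.
corecmd_exec_bin(slimserver_scanner_t)
optional_policy(`
	mysql_stream_connect(slimserver_scanner_t)
')

# slimserver_scanner.if -- same shape as the generated slimserver_domtrans
interface(`slimserver_scanner_domtrans',`
	gen_require(`
		type slimserver_scanner_t, slimserver_scanner_exec_t;
	')

	domain_auto_trans($1, slimserver_scanner_exec_t, slimserver_scanner_t)

	allow $1 slimserver_scanner_t:fd use;
	allow slimserver_scanner_t $1:fd use;
	allow slimserver_scanner_t $1:fifo_file rw_file_perms;
	allow slimserver_scanner_t $1:process sigchld;
')

# slimserver.te -- the only addition the daemon's own module needs: when
# slimserver_t execs the scanner it lands in slimserver_scanner_t rather than
# keeping the daemon's privileges.
slimserver_scanner_domtrans(slimserver_t)
```

Once the module is built with the Makefile from the thread and loaded with semodule, the .fc entry only takes effect on disk after restorecon is run on /usr/sbin/slimserver-scanner; ls -Z on that file should then show slimserver_scanner_exec_t.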

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
