On Tue, 2010-05-11 at 11:10 -0500, Xavier Toth wrote: > I'm a bit confused about something. mcstransd creates a socket and > through a transition rule it get labeled setrans_var_run_t (this is > also the type used with mls_trusted_object in the setrans policy) > however when other apps try and connect to it the target context type > is setrans_t which of course isn't trusted so no one can connect. As > an experiment I added setrans_t as a mls trusted object and then other > apps could connect. Not sure where the target context comes from on > connectto because the socket file is label setrans_var_run_t on the > disk. Something needs fixing just not sure what. Doesn't seem right to > add 'mls_trusted_object(setrans_t)'. When you create and bind a Unix domain socket in the file system namespace (as opposed to the abstract namespace), there are two objects: the socket itself (created upon the socket call, labeled with the label of the creating process), and the file (created upon the bind call, labeled in accordance with the usual file labeling behavior). Connecting to such a socket requires both write access to the file and connectto permission to the socket. So connectto is a socket-to-socket (which looks like process-to-process since sockets are labeled based on creating process and act as proxies/queues between processes) check. -- Stephen Smalley National Security Agency -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
