El 2013-08-19 13:27, Dominick Grift escribió:
On Sun, 2013-08-18 at 20:10 +0200, Juan Orti Alcaine wrote:
Hello, I'm the package mantainer of gogoc, and I'm creating my first
policy
module for it following the instructions of this draft in the wiki
[1].
It says you must build your module for three policies: mls, scritct
and
targeted, but I don't see any strict policy, is this information still
correct? Must I build it also for minimum?
Yes strict no longer exists, so remove any reference to it
And what about the minimum policy?
Also, I see some packages dropping their policies to
/usr/share/selinux/packages/ and others to
/usr/share/selinux/{targeted,mls}. What's better?
Also I have doubts if the module will always live in the gogoc package
or it
will be migrated sometime to the main selinux-policy-targeted package.
If you can take a look at the policy to find any possible error it
would be
great. It's already in the git repository of gogoc [2]
You policy should have no require{} in the .te file, everything should
have an api that you can use instead
Only type transition on what you need to type transition on, instead of
everything (you type transition on everything)
corecmd_bin_entry_type(gogoc_t) <- this doesnt make sense as you do not
domain type transition on bin_t anywhere
radvd_admin(gogoc_t, system_r) <- this one isnt appropriate here
systemd_exec_systemctl(gogoc_t) <- why is this needed?
allow gogoc_t radvd_exec_t:file { read execute open execute_no_trans };
<-- depending on why gogoc runs dadvd you may want to run radvd with a
domain transition instead. If it turns out that you should have ran
radvd with a domain transition ,then it is encouraged you start over
with your policy because, one should always take care of type
transitions first before adding any other rules. because type
transitions can greatly impact access your process needs
There are duplicate rules in your policy
For example:
sysnet_dns_name_resolve(gogoc_t)
and
files_read_etc_files(gogoc_t)
are already enclosed with:
auth_use_nsswitch(gogoc_t)
Theres probably a bit moreroom for improvement other than above but
this
is a start
Thank you for your comments, I'm newbie at policy writing.
What gogoc does is to negotiate the tunnel and execute a shell script to
configure the tun interface and launch the radvd with a custom config to
advertise the prefix in the net.
I'm rewriting the policy and have doubts about how to transition to the
radvd_t domain. I miss a interface like radvd_domtrans(gogoc_t), which I
think it's the way to do the transition, another way I'm thinking it's
adding a section require{ type radvd_exec_t;} and grant access to
execute and domain transition. Which api function should I use?
Regards,
Juan.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
