On Tue, 2013-08-20 at 10:51 +0000, Juan Orti Alcaine wrote:
> El 2013-08-19 13:27, Dominick Grift escribió:
> > On Sun, 2013-08-18 at 20:10 +0200, Juan Orti Alcaine wrote:
> >> Hello, I'm the package mantainer of gogoc, and I'm creating my first
> >> policy
> >> module for it following the instructions of this draft in the wiki
> >> [1].
> >>
> >> It says you must build your module for three policies: mls, scritct
> >> and
> >> targeted, but I don't see any strict policy, is this information still
> >> correct? Must I build it also for minimum?
> >
> > Yes strict no longer exists, so remove any reference to it
>
> And what about the minimum policy?
Probably should ignore minimal as well. Since that policy model aims to
be minimal
> Also, I see some packages dropping their policies to
> /usr/share/selinux/packages/ and others to
> /usr/share/selinux/{targeted,mls}. What's better?
Not sure but probably the latter
>
> >
> >>
> >> Also I have doubts if the module will always live in the gogoc package
> >> or it
> >> will be migrated sometime to the main selinux-policy-targeted package.
> >>
> >> If you can take a look at the policy to find any possible error it
> >> would be
> >> great. It's already in the git repository of gogoc [2]
> >>
> >
> > You policy should have no require{} in the .te file, everything should
> > have an api that you can use instead
> >
> > Only type transition on what you need to type transition on, instead of
> > everything (you type transition on everything)
> >
> > corecmd_bin_entry_type(gogoc_t) <- this doesnt make sense as you do not
> > domain type transition on bin_t anywhere
> >
> > radvd_admin(gogoc_t, system_r) <- this one isnt appropriate here
> >
> > systemd_exec_systemctl(gogoc_t) <- why is this needed?
> >
> > allow gogoc_t radvd_exec_t:file { read execute open execute_no_trans };
> > <-- depending on why gogoc runs dadvd you may want to run radvd with a
> > domain transition instead. If it turns out that you should have ran
> > radvd with a domain transition ,then it is encouraged you start over
> > with your policy because, one should always take care of type
> > transitions first before adding any other rules. because type
> > transitions can greatly impact access your process needs
> >
> > There are duplicate rules in your policy
> >
> > For example:
> > sysnet_dns_name_resolve(gogoc_t)
> > and
> > files_read_etc_files(gogoc_t)
> >
> > are already enclosed with:
> > auth_use_nsswitch(gogoc_t)
> >
> > Theres probably a bit moreroom for improvement other than above but
> > this
> > is a start
>
> Thank you for your comments, I'm newbie at policy writing.
>
> What gogoc does is to negotiate the tunnel and execute a shell script to
> configure the tun interface and launch the radvd with a custom config to
> advertise the prefix in the net.
>
> I'm rewriting the policy and have doubts about how to transition to the
> radvd_t domain. I miss a interface like radvd_domtrans(gogoc_t), which I
> think it's the way to do the transition, another way I'm thinking it's
> adding a section require{ type radvd_exec_t;} and grant access to
> execute and domain transition. Which api function should I use?
upstream will probably only accept it with the use of a dadvd_domtrans()
but for your solution for now you could do something like this:
optional_policy(`
gen_require(`
type radvd_exec_t, radvd_t;
')
domtrans_pattern(gogoc_t, radvd_exec_t, radvd_t)
')
>
> Regards,
> Juan.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
