On 04/23/2014 12:10 PM, Florian Weimer wrote: > systemd-journald has a facility where it accepts file descriptors from > unprivileged local users and reads the log message from them. This is > done to bypass size restrictions on UNIX domain socket datagram messages. > > The code is here in server_process_native_file: > > http://cgit.freedesktop.org/systemd/systemd/tree/src/journal/journald-native.c#n286 > > > Does this bypass MAC checks because the journald process has different > privileges than the user who opened the file descriptor? SELinux would check access by the user process at open time, and then it would check access by journald on the fd transfer across local socket IPC (selinux_file_receive hook), and then it would revalidate that journald still has access when it reads from the fd. Then I guess the question is what does journald do with the log message it reads from the file, e.g. does it write it to the journal and then who is allowed to read from the journal. In a MLS environment, for example, I would expect the journal to be unreadable except by systemhigh processes as it might contain data from any level. -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
