Re: journald bypassing MAC checks?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 04/23/2014 12:10 PM, Florian Weimer wrote:
> systemd-journald has a facility where it accepts file descriptors from
> unprivileged local users and reads the log message from them.  This is
> done to bypass size restrictions on UNIX domain socket datagram messages.
> 
> The code is here in server_process_native_file:
> 
> http://cgit.freedesktop.org/systemd/systemd/tree/src/journal/journald-native.c#n286
> 
> 
> Does this bypass MAC checks because the journald process has different
> privileges than the user who opened the file descriptor?

SELinux would check access by the user process at open time, and then it
would check access by journald on the fd transfer across local socket
IPC (selinux_file_receive hook), and then it would revalidate that
journald still has access when it reads from the fd.

Then I guess the question is what does journald do with the log message
it reads from the file, e.g. does it write it to the journal and then
who is allowed to read from the journal.  In a MLS environment, for
example, I would expect the journal to be unreadable except by
systemhigh processes as it might contain data from any level.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux