Re: Selinux for RAMFS implementation

On Mon, Oct 5, 2020 at 2:02 PM Ashish Mishra <ashishm@xxxxxxxxxx> wrote:
> Hi Ondrej,
>
> Thanks for sharing valuable information.
>
> 1) Since it's in an evaluation state, we might have a chance to look at tmpfs options.
>     Can you please share some pointers on this option?

It should be pretty much a "drop in replacement" for ramfs, it just
has a couple more filesystem features (including the extended
attributes needed by SELinux). It will probably have a bit higher
per-file memory overhead though.

It would be helpful if you could share why you want to use ramfs as
the root filesystem. Is it just to have fast I/O? If all your files
fit into RAM, then the disk cache should already hold all used files
in memory anyway. And obviously you'll have to load the files
initially from some storage anyway, no? And how are you going to
handle software updates?

>
>
> 2) Worst case scenario, if we can't go ahead with a tmpfs approach ..
>     a) Are there any specific files / directories or services that might create a problem?

Well, now that I think about it a little bit deeper, I think without a
way to label (system) files, you'd pretty much lose the security
advantages of SELinux completely. Because if you can't label the
binaries, then you also can't have (automatic) type transitions, so in
the end your whole system would run as a single domain, making SELinux
entirely pointless.

>           Or if
>     b) Any way we can customize STOCK fedora policies (so that they can work with RAMFS)
>         (I can sense that this option might be complex, time-consuming & risky.
>            But in case ramfs is mandatory, at least we will know the effort & plan schedule accordingly)

Well, you could probably create your own minimal policy that would
allow booting and running such a system, but as I said above there
would be no point in using SELinux at all then. I mean, you could
probably selectively "sandbox" some programs using dynamic
transitions, but that would require both modifying the programs and
writing the policy from scratch...

So I strongly recommend using tmpfs instead of ramfs. Ramfs is simply
too minimal for SELinux and probably doesn't give you any practical
advantage over tmpfs anyway.

>
>
> Thanks for sharing the comment as it has definitely saved us some time &
> will help us to use Fedora in a better way.
>
>
> Thanks,
> Ashish Kumar Mishra

-- 
Ondrej Mosnacek
Software Engineer, Platform Security - SELinux kernel
Red Hat, Inc.
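
The argument in the reply above (no per-file labels means no automatic type transitions, so everything stays in one domain), as an added example that is not part of the original message: a simplified Python model, not real SELinux policy or kernel code. The type names, paths and exec chain are constructed for illustration, and the single filesystem-wide type is called `ramfs_t` here as an assumption.

```python
# Simplified model of SELinux domain transitions on exec.
# Not real policy or kernel code; all names below are illustrative.

# Models: type_transition <source domain> <exec file type>:process <new domain>;
TYPE_TRANSITIONS = {
    ("init_t", "httpd_exec_t"): "httpd_t",
    ("init_t", "sshd_exec_t"): "sshd_t",
    ("sshd_t", "shell_exec_t"): "user_t",
}

# Per-file labels, as a filesystem with extended attributes could store them.
XATTR_LABELS = {
    "/usr/sbin/httpd": "httpd_exec_t",
    "/usr/sbin/sshd": "sshd_exec_t",
    "/bin/sh": "shell_exec_t",
}

# Constructed exec chain: (parent process, executed binary).
EXEC_CHAIN = [
    ("init", "/usr/sbin/httpd"),
    ("init", "/usr/sbin/sshd"),
    ("/usr/sbin/sshd", "/bin/sh"),
]


def file_type(path, per_file_labels, fs_default):
    """Return the file's own label if the fs can store one, else the fs-wide type."""
    if per_file_labels is None:  # filesystem cannot store per-file labels
        return fs_default
    return per_file_labels.get(path, fs_default)


def domains_after_boot(per_file_labels, fs_default, init_domain="init_t"):
    """Walk the exec chain and return the domain each process ends up in."""
    domains = {"init": init_domain}
    for parent, binary in EXEC_CHAIN:
        source = domains[parent]
        exec_type = file_type(binary, per_file_labels, fs_default)
        # No matching rule: the child simply stays in the parent's domain.
        domains[binary] = TYPE_TRANSITIONS.get((source, exec_type), source)
    return domains


if __name__ == "__main__":
    print("labelled  :", domains_after_boot(XATTR_LABELS, "tmpfs_t"))
    print("unlabelled:", domains_after_boot(None, "ramfs_t"))
```

With per-file labels each service lands in its own domain; with one filesystem-wide type no rule ever matches and every process inherits the domain of init.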