Custom unix local socket type

Hello!

I created a small server app module that I included a custom socket type in:

    type plazerine_socket_t;
    typeattribute plazerine_socket_t file_type, non_auth_file_type, non_security_file_type;

This is for a unix local stream socket, for which there is a file context rule:

    semanage fcontext -a -t plazerine_socket_t /usr/local/etc/plazerine/msgin

The server executable is labeled 'plazerine_exec_t', and the process derived from it
transitions to 'plazerine_t'.  However, when it creates and opens the socket, the
file always ends up typed `plazerine_exec_t` (requiring various socket-oriented
permissions on that type).

There's no AVC denial to interpret (which is how I've mostly found my way around), and
this isn't deal breaking for me -- in a sense having a separate type for the socket may
be sort of redundant.  OTOH, it would provide some more fine-grained depending on
how complex the system using the exec type is.

Is there a right way to do this?  I notice via `seinfo -t` there is a handful of what seem
by name to be custom socket types, and they are defined typeattribute wise the
same way I've done it above.

This is on a policy v.33 Fedora system, targeted, enforcing.

- MK


