On 4/20/21 9:49 AM, Dominick Grift wrote:
Russell Coker <russell@xxxxxxxxxxxx> writes:
I took this from the rawhide policy and adapted it to work with refpolicy.
Probably not ready for merging yet, let me know what should be changed.
Its been a while since I played with cockpit
Theres one thing that I want to mention though, instead of login the
confined users in with their login shell domain consider confining the
cockpit-bridge instead and make it log users in with bridge context
instead of the login shell context.
Do you have an example of permissions that would be concerning?
Because otherwise you'll end up extending the login shell domain with
permissions needed by the bridge. You can still allow the bridge to open
up a shell with a transition back to the login shell domain (but then
you will get into domain prefixes
ie: staff_bridge_t -> shell_exec_t -> staff_t vs. user_bridge_t ->
shell_exec_t -> user_t etc.
Otherwise I only see some style cleanup needed. Also there is an optional block
in the admin interface for systemd calls. Systemd is required for cockpit, so
it shouldn't be optional, right?
--
Chris PeBenito
