Re: [PATCH] Labeled IPsec for PostgreSQL/MySQL/SSHd (Re: [PATCH] IPsec SPD default security context)

On Wednesday 20 February 2008 12:11:56 am Kohei KaiGai wrote:
> Paul Moore wrote:
> > On Tuesday 19 February 2008 7:59:22 pm Kohei KaiGai wrote:
> >> Is it an acceptable one if we provide an interface to allow a domain
> >> to communicate with postgresql_t via labeled networking, separated from
> >> the existing permissions for local ports and nodes?
> >>
> >> For example:
> >> -- at postgresql.if
> >> interface(`postgresql_labeled_connect',`
> >> 	gen_require(`
> >> 		type postgresql_t;
> >> 	')
> >> 	corenet_tcp_recvfrom_labeled($1,postgresql_t)
> >> ')
> >>
> >> and
> >> -- at apache.te
> >> postgresql_labeled_connect(httpd_t)
> >>
> >> I think this approach enables us to keep independence between modules
> >> in unlabeled networking cases too.
> >
> > For what it is worth, it looks like a good idea to me.
>
> At first, I implemented this idea for three services
> (PostgreSQL/MySQL/SSHd).
>
> This patch adds the following interfaces:
> - postgresql_labeled_communicate(domain)
> - mysql_labeled_communicate(domain)
> - ssh_labeled_communicate(domain)

If this approach is approved by everyone else, I think we would want to add 
similar interfaces to all of the network facing daemons in the policy.  I 
know it's a lot of work but it's the right thing to do.

> Chris, is it suitable for refpolicy framework?

-- 
paul moore
linux security @ hp
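The following refpolicy fragment is an added illustration of the interface shape discussed in the thread, not the text of Kohei's patch. It assumes the `postgresql_labeled_communicate` interface is a thin wrapper around the existing `corenet_tcp_recvfrom_labeled` call shown above, and it puts the labeled and unlabeled paths for `httpd_t` side by side so the module-independence point is visible: the apache module names only the interface, never `postgresql_t` itself.

```m4
# --- policy/modules/services/postgresql.if (assumed shape, not the patch) ---
########################################
## <summary>
##	Allow the specified domain to communicate with the PostgreSQL
##	server over labeled networking (labeled IPsec or NetLabel),
##	without granting the generic port/node permissions used for
##	unlabeled connections.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to exchange labeled packets with postgresql_t.
##	</summary>
## </param>
#
interface(`postgresql_labeled_communicate',`
	gen_require(`
		type postgresql_t;
	')

	# Existing corenetwork interface from the thread: peer recv and
	# tcp_socket recvfrom between the caller and postgresql_t.
	corenet_tcp_recvfrom_labeled($1, postgresql_t)
')

# --- policy/modules/services/apache.te (caller side, assumed) ---
# Unlabeled path: only port and node permissions, no knowledge of
# postgresql_t, so the apache module builds even if postgresql is absent.
corenet_tcp_sendrecv_generic_node(httpd_t)
corenet_tcp_connect_postgresql_port(httpd_t)

# Labeled path: wrapped in optional_policy so the postgresql module stays
# an optional dependency; postgresql_t is never referenced here directly.
optional_policy(`
	postgresql_labeled_communicate(httpd_t)
')
```

With this split, dropping the optional block removes labeled access without touching the unlabeled port rules, and a policy that does not ship the postgresql module still links cleanly; that is the independence between modules the thread is after.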

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
