On Thursday 06 March 2008 23:13, Erich Schubert <erich@xxxxxxxxxx> wrote:
> > > It would definitely help to have separate apt_t and apt_script_t
> > > domains, though, to be able to differentiate access for installation
> > > scripts and the package manager itself.
> >
> > What meaningful restrictions can be applied to one but not the other?
>
> I agree with you that we would currently have to allow pretty much any
> access by apt_script_t, unfortunately. Sorry for mixing up apt and dpkg
> again in that post btw, yes, it should be dpkg_t and dpkg_script_t,
> obviously.

> No, I can't really think of ways to restrict dpkg_script_t apart from
> not messing with the dpkg_t state files. Maybe we could make some policy

But given that dpkg_script_t can make all manner of other changes (including
loading a SE Linux policy) it seems rather minor to restrict access to dpkg
state files.

> that /usr is to be modified by dpkg_t only whereas dynamically generated
> files have to reside in /var, but I doubt this would currently hold.

It's a standard practice to convert the data files under /var in an upgrade.

> And after all, dpkg_script_t needs to be able to even add users
> to /etc/passwd (although through the helper applications, not directly).

Yes.

In fact, while we have unconfined_t, the benefit of having a separate dpkg_t
instead of using unconfined_t for installing packages doesn't seem
significant.

-- 
russell@xxxxxxxxxxxx
http://etbe.coker.com.au/                My Blog
http://www.coker.com.au/sponsorship.html Sponsoring Free Software development

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
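As an added illustration of the one restriction discussed above (this fragment is written for this page; it is neither part of the thread nor the reference policy's own dpkg module), here is a refpolicy-style type enforcement sketch in which dpkg_t owns its state files, maintainer scripts are transitioned into a separate dpkg_script_t domain, and that domain is forbidden from modifying the state. The module name, the type names, and the assumption that the state lives under /var/lib/dpkg are all choices made for the example.

```selinux
policy_module(dpkg_split_example, 0.1)

########################################
# Declarations (names are assumptions for this illustration)

# The package manager itself.
type dpkg_t;
type dpkg_exec_t;
application_domain(dpkg_t, dpkg_exec_t)

# Maintainer scripts (preinst/postinst/prerm/postrm) run here, not in dpkg_t.
type dpkg_script_t;
type dpkg_script_exec_t;
application_domain(dpkg_script_t, dpkg_script_exec_t)

# dpkg's own state (assumed to be /var/lib/dpkg: status, available, info/ ...).
type dpkg_var_lib_t;
files_type(dpkg_var_lib_t)

########################################
# dpkg_t: full ownership of the state files, and the transition into the
# script domain when it executes a maintainer script.

manage_dirs_pattern(dpkg_t, dpkg_var_lib_t, dpkg_var_lib_t)
manage_files_pattern(dpkg_t, dpkg_var_lib_t, dpkg_var_lib_t)
files_var_lib_filetrans(dpkg_t, dpkg_var_lib_t, { dir file })

domtrans_pattern(dpkg_t, dpkg_script_exec_t, dpkg_script_t)

########################################
# dpkg_script_t: may read the state (scripts legitimately query it), but the
# only restriction the thread could name is "don't write dpkg's state files".

list_dirs_pattern(dpkg_script_t, dpkg_var_lib_t, dpkg_var_lib_t)
read_files_pattern(dpkg_script_t, dpkg_var_lib_t, dpkg_var_lib_t)

# Enforced at policy build time: no other rule in the policy may grant these.
neverallow dpkg_script_t dpkg_var_lib_t:file { write append create unlink rename setattr };

# Everything else a maintainer script needs (adding users via the helper
# tools, editing /etc, even loading policy, as the thread notes) is not
# shown here; in practice it amounts to something close to unconfined access,
# which is exactly why the thread judges this split to be of limited value.
```

Two practical notes. The neverallow only documents a boundary; it does not shrink what a malicious maintainer script can do elsewhere, which is the point Russell makes above. To confirm on a built policy that nothing else grants write access across that boundary, a query such as `sesearch --allow -s dpkg_script_t -t dpkg_var_lib_t -c file -p write` should return no rules.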