On Tue, 2008-04-15 at 08:53 -0400, Patrick Neely wrote:
> I was creating a module for a script that uses rsync. I wanted to keep
> the program in the caller's domain throughout, so I developed an
> interface for "rsync.if" that gives a domain the privileges it needs to
> execute a rsync without transitioning to the rsync domain. Next, I
> replaced the appropriate te rules in the "rsync.te" with this interface
> which I called "can_rsync_notrans".
>
> Finally, the transport mechanism I used for rsync was ssh, so I created
> a "can_rsync_over_ssh" interface and added that to the "rsync.if" file.
>
> This is my first attempt at doing something like this, so I am looking
> for feedback on how to make this more correct and more correctly
> styled. It is my goal to get these interfaces incorporated into the
> reference policy.

Not a bad start. There are a few things that I see. The first is the
interface naming, and there is a naming convention page [1] that can
help you fix that.

The actual implementation is fine for the most part. However, I suggest
a few changes. It seems that someone wanting to use an rsync client in
their policy is going to have two things that they're going to be
concerned about: what files are being rsynced and which network to use.
These probably shouldn't be included in the interface. Also, since you
base it on the existing policy, which is for rsync daemon mode, some
permissions can likely be trimmed too, such as the syslog access and
possibly the nsswitch too.

[1] http://oss.tresys.com/projects/refpolicy/wiki/InterfaceNaming

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
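
The split suggested in the reply above, sketched as an added example (not Patrick's submitted interfaces and not taken from this thread): the interface grants only execution of rsync in the caller's domain, and the calling module states its own file and network access. The `backupscript` module and its types are hypothetical, and the interface name `rsync_exec` is chosen here for illustration; the other macros are standard reference policy ones.

```m4
# --- rsync.if ---
########################################
## <summary>
##	Execute rsync in the caller domain, with no domain transition.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`rsync_exec',`
	gen_require(`
		type rsync_exec_t;
	')

	# Only what is needed to locate and run the binary in place.
	# No file, network, syslog or nsswitch access is granted here.
	corecmd_search_bin($1)
	can_exec($1, rsync_exec_t)
')

# --- backupscript.te (hypothetical calling module) ---
policy_module(backupscript, 1.0.0)

type backupscript_t;
type backupscript_exec_t;
application_domain(backupscript_t, backupscript_exec_t)

# Hypothetical type for the data this script is allowed to sync.
type backupscript_data_t;
files_type(backupscript_data_t)

# rsync and its ssh transport both stay inside backupscript_t.
rsync_exec(backupscript_t)
ssh_exec(backupscript_t)

# The caller decides which files may be rsynced ...
manage_dirs_pattern(backupscript_t, backupscript_data_t, backupscript_data_t)
manage_files_pattern(backupscript_t, backupscript_data_t, backupscript_data_t)

# ... and which network access is allowed (assumed here: outbound ssh only).
corenet_tcp_connect_ssh_port(backupscript_t)
```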