On Thu, 2008-06-05 at 10:18 +0900, KaiGai Kohei wrote:
> Christopher J. PeBenito wrote:
> > On Wed, 2008-06-04 at 13:03 +0900, KaiGai Kohei wrote:
> >> Christopher J. PeBenito wrote:
> >>> On Tue, 2008-06-03 at 19:25 +0900, KaiGai Kohei wrote:
> >>>> Christopher J. PeBenito wrote:
> >>>>> I'm out of arguments; clearly I'm in the minority on this issue. I
> >>>>> already said I wouldn't block the policy over this, so KaiGai, if you
> >>>>> would send a last patch based on the revisions I made [1], let's see if we
> >>>>> can finally get this merged.
> >>>>>
> >>>>> [1] http://marc.info/?l=selinux&m=120999566809541&w=2
> >>>> I'll submit a revised version later.
> >>>> (Now we cannot update SVN repository, due to server maintenance.)
> >>>>
> >>>> Before this, I want to modify the following points:
> >
> >> Then, the above dontaudit rule should be rewritten as follows:
> >>
> >> dontaudit { sepgsql_client_type sepgsql_unpriv_type postgresql_t } \
> >>     { sepgsql_table_type - sepgsql_sysobj_table_type } : db_tuple *;
> >>
> >> At first, I used a boolean (sepgsql_enable_audittuple) to turn on/off
> >> tuple-level access logs, but you suggested it is unnecessary, so I removed it.
> >
> > I don't agree because of:
> >
> > +allow postgresql_t sepgsql_table_type:{ db_table db_column db_tuple } *;
> > +allow sepgsql_unconfined_type sepgsql_table_type:{ db_table db_column db_tuple } *;
> >
> > so dontauditing for postgresql_t and sepgsql_unconfined_type doesn't do
> > anything since the access is allowed.
>
> It is correct in type enforcement.
> But MCS/MLS can prevent access by unconfined domains, and make a flood of
> access denied logs.

Ok, I see your point. Please add a comment in the policy that explains this, so I don't mistakenly remove the dontaudit in the future :)

One thing I just realized: do we really want to dontaudit all perms? It seems like use and/or select might be sufficient. Dontauditing relabelto and relabelfrom doesn't seem like a good idea.

-- 
Chris PeBenito
<pebenito@xxxxxxxxxx>
Developer,
Hardened Gentoo Linux
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243
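
Review bot: the two quoted +allow lines grant every permission (the trailing *) on db_table, db_column and db_tuple to postgresql_t and sepgsql_unconfined_type, with no comment saying that MCS/MLS constraints can still deny these accesses. Since that is the only reason a dontaudit covering postgresql_t has any effect, a short comment beside these rules, or beside the dontaudit itself, should record it. If the wildcard is kept on the allow side, the dontaudit should list the permissions it silences explicitly rather than mirroring the *, so that denied relabelfrom and relabelto on db_tuple are still logged.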