-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Joshua Brindle wrote:
> Daniel J Walsh wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Joshua Brindle wrote:
>>> Daniel J Walsh wrote:
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>> Joshua Brindle wrote:
>>>>> Daniel J Walsh wrote:
>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>> Hash: SHA1
>>>>>>
>>>>>> Policy should label /root with one label and this should not be
>>>>>> effected
>>>>>> by the passwd database.
>>>>>>
>>>>>> In Fedora policy we label this as admin_home_t. Having this label
>>>>>> vary
>>>>>> depending on policy ends up with lines like
>>>>>>
>>>>>> dontaudit * user_home_t:dir search_dir_perms
>>>>>> dontaudit * admin_home_t:dir search_dir_perms
>>>>>> dontaudit * sysadmin_home_t:dir search_dir_perms
>>>>>> dontaudit * staff_home_t:dir search_dir_perms
>>>>>>
>>>>>> Labeling this directory as user_home_t, opens the system to possible
>>>>>> security risks since some domains have to be able to write to
>>>>>> user_home_t when they would never be allowed to write to
>>>>>> admin_home_t.
>>>>> The comment right above the added lines seems to indicate that was
>>>>> suppose to be root before, why is / excluded? Are we going to start a
>>>>> huge whitelist for genhomedircon?
>>>>>
>>>>> if (strcmp(pwent->pw_dir, "/") == 0) {
>>>>> /* don't relabel / genhomdircon checked to see
>>>>> if root
>>>>> * was the user and if so, set his home
>>>>> directory to
>>>>> * /root */
>>>>> continue;
>>>>> }
>>>> No just /root
>>>>
>>>> /root should not be labeled based on genhomedircon.
>>>>
>>> Why are the exact same lines there for "/" then?
>>>
>>>
>> Well I guess we do want to protect / and /root.
>>
>> Others should be fixed by looking at the parent, so if I added /var as a
>> homedir it would blow up saying it conflicts with the previous
>> definition of /var.
>>
>
> I don't think I understand the problem we are trying to solve here...
Right now we do not know what /root is going to be labeled.
Sometime it is labeled admin_home_t sometimes sysadm_home_dir_t other
times user_home_dir_t.
I believe this is wrong. It is not a "USER" home dir, it is something
far more special.
Allowing it to be set by an application like genhomedircon, prevents us
from knowing what the label should be.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkmbKVYACgkQrlYvE4MpobN5JgCg0Vf6Qe67UhBSc9DSjAUOnfTq
3KYAn2BSJAPHrmHDuCTpTD3rV889mJea
=uDb7
-----END PGP SIGNATURE-----
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
