Karl MacMillan wrote:
On Wed, Apr 28, 2010 at 11:34 AM, Daniel J Walsh<dwalsh@xxxxxxxxxx> wrote:
<snip>>
I would argue that
allow X etc_t:file read;
allow X configfile:file read;
Should be weighted equivalently if etc_t is a configfile or only
slightly heavier, and just because etc_runtime_t or some other random
types are configfile does not mean we need to add weight.
I'm going to weigh in here even though policy isn't normally my thing.
I am very against reducing distance based on attribute match over
individual unrelated types. allow X configfile:file read should be the
exact same distance as having an allow rule for every type in configfile
in the interface, otherwise you have inconsistent behavior and are
rewarding interfaces that are overly broad.
The reason for using sepolgen is to find the best match, not the most
broad, if we wanted that we could make sepolgen 1000% less complicated
and just return allow domain filetype:file *;
I suppose there is a fundamental difference in the use of the tool, the
people I know that use it use it to find the best match, the way you
want to use it is to fix the denial any way possible. These 2 usages
conflict and we can't have people thinking they are making secure policy
when in fact they aren't.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
