(2010/12/16 5:37), Michal Svoboda wrote:
> Hello,
>
> let's say I have a www service that's run through apache/selinux+ with
> its own domain say foo_t. The domain has write access to some files with
> type foo_data_t (which is files_type) through an allow rule.
>
> Now, due to the 'typebound httpd_t foo_t' rule used with apache domains, I
> would normally also have to 'allow httpd_t foo_data_t : file ...'.
>
> But today I saw another solution at work, which used an oddball rule where
> the foo_data_t was type bounded by another files_type, something like
> 'typebound http_user_data_t foo_data_t' (don't remember the bounding
> type's name exactly). This would make the www service work the expected
> way without the need for 'allow httpd_t foo_data_t : file ...'.
>
> Is this a known behavior? What is the sense in typebounding file types?
>
Yes, it is known. We had a similar discussion before:
http://marc.info/?l=selinux&m=126771862818496&w=2

The type-boundary feature originated from the type-hierarchy feature,
which has been supported in checkpolicy for several years.

Joshua said:
| The original hierarchy specified that if httpd_t had e.g., write access
| to httpd_sys_content_t then webapp_t could be given write access to
| webapp_content_t without httpd_t having direct access to webapp_content_t.
|
| This was done so that, in policy access controls, parents could be
| decoupled from children while still allowing child subjects to access
| child objects. One application of this was to have parents that,
| themselves, did not have access to children objects (or were not active
| at all).

It seems to me your use cases are right. Maybe the term 'boundary' makes
it hard to imagine this type of functionality.

Thanks,
-- 
KaiGai Kohei <kaigai@xxxxxxxxxxxxx>

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
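The following is an added illustration, not code from the thread, from checkpolicy or from the kernel. It is a small Python model of the hierarchy semantics that Joshua's quoted text describes: an allow rule from a bounded subject (foo_t, bounded by httpd_t) is covered either when the bounding type has the same access to the object, or, when the object type is itself bounded, when the bounding subject has that access to the object's bounding type. The type names come from the thread (the policy keyword itself is spelled `typebounds`); the permission sets, the use of httpd_sys_content_t as the object's bounding type, and the class `ToyPolicy` are assumptions for the example. It shows the two outcomes Michal contrasts: without an object-side bound, `allow foo_t foo_data_t:file` is not covered and the kernel-style mask strips it; with `typebounds httpd_sys_content_t foo_data_t` it is covered, and httpd_t still has no direct rule on foo_data_t.

```python
# Added example (not code from the thread, checkpolicy or the kernel):
# a toy model of typebounds coverage when the OBJECT type is bounded too.
# Type names are taken from the thread; permission sets are assumed.
from collections import defaultdict


class ToyPolicy:
    """Minimal stand-in for a compiled policy: allow rules plus typebounds."""

    def __init__(self):
        self.bounds = {}                  # child type -> bounding (parent) type
        self.allow = defaultdict(set)     # (src, tgt, cls) -> set of perms

    def typebounds(self, parent, child):
        """Models 'typebounds PARENT CHILD;' in policy syntax."""
        self.bounds[child] = parent

    def allow_rule(self, src, tgt, cls, perms):
        """Models 'allow SRC TGT:CLS { perms };'."""
        self.allow[(src, tgt, cls)] |= set(perms)

    def direct_av(self, src, tgt, cls):
        """Permissions granted by an explicit allow rule only."""
        return set(self.allow.get((src, tgt, cls), ()))

    def covering_av(self, src, tgt, cls):
        """Permissions the subject's bounding type holds on the object.

        Hierarchy rule modelled here (as described in the thread): if src is
        bounded by P, access src->tgt is covered when P has it on tgt, or,
        when tgt is itself bounded by Q, when P has it on Q (parent subject
        to parent object). An unbounded subject is never restricted.
        """
        if src not in self.bounds:
            return None                   # no bound: nothing to check
        parent = self.bounds[src]
        covered = self.direct_av(parent, tgt, cls)
        if tgt in self.bounds:
            covered |= self.direct_av(parent, self.bounds[tgt], cls)
        return covered

    def bounds_violations(self):
        """Compile-time view: allow rules on a bounded subject that its
        bounding type does not cover (what a bounds check would reject)."""
        out = []
        for (src, tgt, cls), perms in sorted(self.allow.items()):
            covered = self.covering_av(src, tgt, cls)
            if covered is None:
                continue
            missing = perms - covered
            if missing:
                out.append((src, tgt, cls, tuple(sorted(missing))))
        return out

    def compute_av(self, src, tgt, cls):
        """Runtime view: the bound masks whatever the parent does not cover."""
        allowed = self.direct_av(src, tgt, cls)
        covered = self.covering_av(src, tgt, cls)
        if covered is not None:
            allowed &= covered
        return allowed


def build(bind_object_type):
    """Michal's scenario; bind_object_type toggles the 'oddball' rule."""
    p = ToyPolicy()
    p.typebounds("httpd_t", "foo_t")
    # Assumed: the generic Apache domain may read/write its own content type.
    p.allow_rule("httpd_t", "httpd_sys_content_t", "file", {"read", "write"})
    # The web service's own domain and data type.
    p.allow_rule("foo_t", "foo_data_t", "file", {"read", "write"})
    if bind_object_type:
        # Assumed bounding type for the object side, as in Joshua's example.
        p.typebounds("httpd_sys_content_t", "foo_data_t")
    return p


def demo():
    without = build(bind_object_type=False)
    with_bound = build(bind_object_type=True)
    return {
        "violations_without_object_bound": without.bounds_violations(),
        "violations_with_object_bound": with_bound.bounds_violations(),
        "av_without": sorted(without.compute_av("foo_t", "foo_data_t", "file")),
        "av_with": sorted(with_bound.compute_av("foo_t", "foo_data_t", "file")),
        # httpd_t never gets a direct rule on foo_data_t in either variant.
        "httpd_direct": sorted(with_bound.direct_av("httpd_t", "foo_data_t", "file")),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The model deliberately keeps only the part of the semantics the thread is about (subject bound, optional object bound, parent-to-parent coverage); it does not reproduce every detail of the real checkpolicy or kernel implementation, so treat it as a way to reason about the "typebound a file type" trick, not as a reference.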