Re: CentOS 5 RBAC

[Resending after accidentally dropping cc to the list]

On 31/08/2011 18:15, Stephen Smalley wrote:
> The logic in selinux_set_enforce_mode() in
> policy/modules/kernel/selinux.if is:
> ...
>        if(!secure_mode_policyload) {
>                  allow $1 security_t:security setenforce;
> ...
> }
>
> Notice the logical negation (!) in the above if statement.


Ah, thank you!  I had looked at those lines earlier, without fully understanding how the policy fitted together.  Indeed, I set secure_mode_policyload to 'on' based on that code to fix the fact that root could still run setenforce, even without changing role to secadm_r.  But unfortunately, I see now, the reason root could run setenforce without changing to secadm_r is that root gets sysadm_r by default - and changing secure_mode_policyload prevents *both* sysadm_r *and* secadm_r from administering policy - which wasn't what I was trying to achieve.

                ifdef(`enable_mls',`
                        userdom_security_administrator(secadm_t,secadm_r,{ secadm_tty_device_t sysadm_devpts_t })
#                       tunable_policy(`allow_sysadm_manage_security',`
                                userdom_security_administrator(sysadm_t,sysadm_r,admin_terminal)
#                       ')

If the allow_sysadm_manage_security boolean was implemented in this policy then I could simply set that to 'off'.  Given it's not - what's the best way to grant this permission to secadm_r only?  Presumably I want to set secure_mode_policyload to 'on' as now so that the shipped policy doesn't give permissions, and then load some custom TE rules to add the necessary permissions for secadm_r to administer security policy?

Regards

roy




-- 
Roy Badami
Roboreus Ltd
1 New Oxford Street
London WC1A 1NU
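[Editor's note, not part of the original thread: the approach Roy outlines in the last paragraph, a custom TE module loaded on top of the shipped policy with secure_mode_policyload left on, would look roughly like the following. This is an added example, not code from the thread or from refpolicy. It uses only the types and permission that appear in Stephen's quoted interface (secadm_t, security_t, security:setenforce); the module name is made up. Because the allow rule is unconditional, it is not wrapped in the `if(!secure_mode_policyload)` block, so secadm_t keeps setenforce while sysadm_t, which only gets it via the shipped interface, loses it once the boolean is on. Note that on this policy secadm_t is only defined inside `ifdef(`enable_mls',...)`, as the snippet above shows, so the module will only link against the MLS policy.]

```sepolicy
# Added example (not from the thread): grant setenforce to secadm_t only.
# Module name is arbitrary; types and the permission come from the quoted
# selinux_set_enforce_mode() interface in policy/modules/kernel/selinux.if.
module secadm_setenforce 1.0;

require {
    type secadm_t;         # the security administrator domain (MLS policy)
    type security_t;       # type of the SELinux security server object
    class security setenforce;
}

# Unconditional: unlike the shipped interface, this is NOT guarded by
# !secure_mode_policyload, so it survives setting that boolean to 'on'.
# sysadm_t is deliberately not mentioned, so it keeps only what the shipped
# policy gives it (nothing, once the boolean is on).
allow secadm_t security_t:security setenforce;
```

Build and load with the standard toolchain (`checkmodule -M -m -o secadm_setenforce.mod secadm_setenforce.te`, then `semodule_package -o secadm_setenforce.pp -m secadm_setenforce.mod`, then `semodule -i secadm_setenforce.pp`), while in a role that is still allowed to load policy. A caveat worth checking before relying on it: the quoted interface adds only the `security setenforce` permission, so whatever else secadm_t needs to reach /selinux/enforce (access to selinuxfs itself) must already be granted elsewhere in the shipped policy; verify with a test from secadm_r after loading, and check that root in the default sysadm_r now gets a denial.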

