There is a domain_kill_all_domains in auth_login_pgm_domain that allows sshd and other login programs to send sigkill to auditd and other system processes that were probably not intended.

For auditd, I can create domain_kill_all_domains_except and put auditd in the exception list. This still leaves processes that use auth_login_pgm_domain with the ability to kill many unrelated system processes.

Another approach is to allow login programs to only kill programs with an attribute like userdomain.

Thoughts?

joe

grep through RH policy, refpolicy is similar:

find . -name \*.if -exec grep -H auth_login_pgm_domain {} \;
./policy/modules/system/authlogin.if:interface(`auth_login_pgm_domain',`
./policy/modules/services/ssh.if:	auth_login_pgm_domain($1_t)

find . -name \*.te -exec grep -H auth_login_pgm_domain {} \;
./policy/modules/system/locallogin.te:auth_login_pgm_domain(local_login_t)
./policy/modules/services/xserver.te:auth_login_pgm_domain(xdm_t)
./policy/modules/services/rshd.te:auth_login_pgm_domain(rshd_t)
./policy/modules/services/rlogin.te:auth_login_pgm_domain(rlogind_t)
./policy/modules/services/remotelogin.te:auth_login_pgm_domain(remote_login_t)
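The two alternatives raised in the post, written out as refpolicy-style interfaces. This is an added illustration, not text from the mailing list or from the reference policy: the body of domain_kill_all_domains is how I understand it rather than a copy, and domain_kill_all_domains_except, its $2 argument and userdom_kill_all_users are assumed names for the ideas the post describes.

```m4
## domain.if -- added illustration, not the reference policy's own text.
## Current shape (as the post describes it): a caller of
## auth_login_pgm_domain() may SIGKILL every domain on the system.
interface(`domain_kill_all_domains',`
	gen_require(`
		attribute domain;
	')

	allow $1 domain:process sigkill;
')

## Option 1 (assumed interface name): same grant, minus an explicit
## exception set. $2 is a type or a { t1 t2 } set; for example
##   domain_kill_all_domains_except(sshd_t, auditd_t)
## expands to
##   allow sshd_t { domain -auditd_t }:process sigkill;
interface(`domain_kill_all_domains_except',`
	gen_require(`
		attribute domain;
	')

	allow $1 { domain -$2 }:process sigkill;
')

## Option 2 (assumed interface name): only domains carrying the
## userdomain attribute may be killed, so a login program can tear
## down user sessions without reaching system daemons at all.
interface(`userdom_kill_all_users',`
	gen_require(`
		attribute userdomain;
	')

	allow $1 userdomain:process sigkill;
')

## authlogin.if -- the caller side under option 2. Only the line that
## changes inside auth_login_pgm_domain is shown; its other rules stay.
interface(`auth_login_pgm_domain',`
	# ... existing rules for $1 unchanged ...
	# was: domain_kill_all_domains($1)
	userdom_kill_all_users($1)
')
```

After rebuilding and loading the policy, `sesearch -A -s sshd_t -t auditd_t -c process -p sigkill` should return no rule under either option, which is the quickest way to confirm the change took effect.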