On Wed, Mar 04, 2020 at 10:19:54AM -0500, Stephen Smalley wrote:
> On Wed, Mar 4, 2020 at 9:47 AM Dominick Grift
> <dominick.grift@xxxxxxxxxxx> wrote:
> > Practically yes name-based type transitions but other than that it makes the experience much simpler if you have just one unconfined system domain.
> > I actually kind of got that idea from you when you mentioned the three domain model.
>
> Not sure that was me but whatever.

That is what I thought when you mentioned it, but I am glad you did because I was a bit too focussed on least privilege. A bit of corner cutting here and there can be a good thing. Besides it is fun to explore alternatives.

>
> > It's also used by pam_selinux env_params (which in turn is used by ssh for "ssh user/role/level@host")
> > The problem is that the default_type for ssh and sudo sessions may differ (i.e. default_type is not really a default_type)
>
> Fair enough; originally it was only used by newrole and only if a type
> wasn't explicitly specified via -t. Maybe
> get_default_context_with_role(3)
> would be better since it can take into account the caller context.
>
> > > Probably needs to be converted to using selinux_check_access().
> >
> > We hit that same issue when we revisited mdp a while ago. Removing the env_params was a quick fix for that then.
>
> Well, the right fix is to use selinux_check_access().

--
gpg --locate-keys dominick.grift@xxxxxxxxxxx
Key fingerprint = FCD2 3660 5D6B 9D27 7FC6 E0FF DA7E 521F 10F6 4098
Dominick Grift