On Sun, Nov 10, 2019 at 07:32:43PM +0100, Nicolas Iooss wrote: > Hello, > I am using CryFS (https://www.cryfs.org/) in order to encrypt some > files in a shared directory. Before writing a policy for this software > and upstreaming it to refpolicy, I am wondering how this should be > handled. Sounds somewhat like gocryptfs. This is how i implemented policy for that: https://defensec.nl/gitweb/dssp2.git/blob/HEAD:/policy/applications/g/gocryptfs.cil > > CryFS is a software that can be run by non-root users that have access > to /dev/fuse. Its command is directly used to mount a directory > ("/usr/bin/cryfs basedir mountpoint"), like command "mount". > Unmounting a mountpoint is done with "fusermount -u mountpoint", > /usr/bin/fusermount being a setuid-root program labeled mount_exec_t. > Currently, sysadm_t cannot use CryFS because it is not allowed to open > and use /dev/fuse (ie. fuse_device_t). Moreover labeling CryFS as > mount_exec_t makes mount_t require more accesses (reading a > configuration file from the base directory, reading > /proc/sys/crypto/fips_enabled, using pipes, etc.). > > Therefore I am thinking of creating a new policy module for cryfs, > which could be shared with other similar software like EncFS > (https://vgough.github.io/encfs/). Does this sound like something > acceptable? Did I miss an existing module that can be extended in > order to support CryFS? > > Thanks, > Nicolas > -- Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 Dominick Grift