Return-Path: <SRS0=Kdev=PS=vger.kernel.org=selinux-refpolicy-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-5.7 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
	SPF_PASS autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id D0F07C43387
	for <selinux-refpolicy@archiver.kernel.org>; Thu, 10 Jan 2019 00:37:05 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 7E300214C6
	for <selinux-refpolicy@archiver.kernel.org>; Thu, 10 Jan 2019 00:37:05 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (1024-bit key) header.d=ieee.org header.i=@ieee.org header.b="atldYR1w"
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726425AbfAJAhF (ORCPT
        <rfc822;selinux-refpolicy@archiver.kernel.org>);
        Wed, 9 Jan 2019 19:37:05 -0500
Received: from mail-qt1-f193.google.com ([209.85.160.193]:43982 "EHLO
        mail-qt1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726286AbfAJAhF (ORCPT
        <rfc822;selinux-refpolicy@vger.kernel.org>);
        Wed, 9 Jan 2019 19:37:05 -0500
Received: by mail-qt1-f193.google.com with SMTP id i7so10528521qtj.10
        for <selinux-refpolicy@vger.kernel.org>; Wed, 09 Jan 2019 16:37:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=ieee.org; s=google;
        h=subject:to:cc:references:from:message-id:date:user-agent
         :mime-version:in-reply-to:content-language:content-transfer-encoding;
        bh=1f/+K0R83HqpbRyDx0K8uzwLqErRT43Z4hWduNudXs0=;
        b=atldYR1wq+6tAeoefPYXxjhQ//SN/kOSJ4hBssGOEB8BHudxwU2ac+lPLl49spBg8a
         FyGMfaOJ07Ne92IQrpMvBuaXEZQYPv6clO/DhdWgjEibbOQdErXUF6pvM9GYTpBxA5kC
         79ZedDkF+g7r8E4VsA+QztuZiuMO441gogfXc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:subject:to:cc:references:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-language
         :content-transfer-encoding;
        bh=1f/+K0R83HqpbRyDx0K8uzwLqErRT43Z4hWduNudXs0=;
        b=a+hnvYV7zMdPv27Dq/Oh8JtoM4pk12LM+gzoU77inWAtSZh6QI7Bxaiy7R7hldPCIZ
         Yo7Rp4NFpRvDDg28pY6GIKd4urb0a6BCMtw7PvkI+hoargjbwlAg7RQCc3JNCbQacBkB
         8GOpb8i6HutCUfOTd35ufIgTDX4uKdyKaX/CvIty9zZRiFmD4AHfdyYjnMjsjXNsPkU5
         bkxvwpUNRbIWtra9zyDhBXyS0/qlLoV9QdG0yshe0K0RQibPtcut8fh5qYAPrf+q9zQy
         bHAKDRwGn+KWcI2cNhro3BBWK0llFCgex5JhUaALTt/OWUePA0TPr8BYNjtJ9MN/Kfl+
         +0EQ==
X-Gm-Message-State: AJcUukelajF+IYe4A0vgeGEp8DRzHIYPNwNkVRDCtTUg/sgB8YW8UYNq
        SKTbQ1bjAixYI/sIPi+Ptm4gsySoetE=
X-Google-Smtp-Source: ALg8bN47fV198vC0XzVmz+/SiNt6i7u56SPHA0i3xgl1t2dHAExgD2Jqmg9DIG0UG9sSdTJAZqqreg==
X-Received: by 2002:ac8:2d2b:: with SMTP id n40mr7496241qta.38.1547080623341;
        Wed, 09 Jan 2019 16:37:03 -0800 (PST)
Received: from [192.168.1.190] (pool-108-15-23-247.bltmmd.fios.verizon.net. [108.15.23.247])
        by smtp.gmail.com with ESMTPSA id p48sm43324532qtp.62.2019.01.09.16.37.02
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 09 Jan 2019 16:37:02 -0800 (PST)
Subject: Re: [PATCH cron 2/2] user_crontab_t etc
To:     russell@coker.com.au
Cc:     selinux-refpolicy@vger.kernel.org
References: <20190107031005.GA13945@aaa.coker.com.au>
 <b56674cc-183d-630e-defe-bf93237485a3@ieee.org> <6320875.l7dpP3Uglz@xev>
From:   Chris PeBenito <pebenito@ieee.org>
Message-ID: <8f56a5ac-d4d8-ccc4-ca6a-4876ac1e6aeb@ieee.org>
Date:   Wed, 9 Jan 2019 18:57:45 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.3.0
MIME-Version: 1.0
In-Reply-To: <6320875.l7dpP3Uglz@xev>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: selinux-refpolicy-owner@vger.kernel.org
Precedence: bulk
List-ID: <selinux-refpolicy.vger.kernel.org>
X-Mailing-List: selinux-refpolicy@vger.kernel.org

On 1/7/19 10:38 PM, Russell Coker wrote:
> On Tuesday, 8 January 2019 10:47:27 AM AEDT Chris PeBenito wrote:
>> On 1/6/19 10:10 PM, Russell Coker wrote:
>>> This patch adds a $1_crontab_t domain and makes it a compile option for
>>
>> What is the goal for reintroducing a crontab domain per-user-domain?
> 
> To make it more difficult for a user from one domain to take over access to
> another domain via cron.
> 
> The context of the crontab program determines the type of the cron spool file
> which then determines the permitted context of the cron job.
> 
>>> having a $1_cronjob_t domain.
>>>
>>> I anticipate that even if this patch is accepted later on there will be
>>> some changes required.  Please review this not for inclusion immediately
>>> but for changes necessary.  However the previous patch is good to go if
>>> you like the concept.
>>
>> I'm not keen on this.  The current policy is intended to make it easy to
>> decide if you want to use a *_cronjob_t domain or simply transition to
>> the user's domain by tweaking the default_contexts.
> 
> Which means that everyone who doesn't have a need for *_cronjob_t domains gets
> all the extra policy.

Since most people don't know how to recompile the distro policy, they're 
going to be stuck with whichever way it is compiled by the distro.  I 
think the way that it is currently implemented is a fair tradeoff for 
the vast majority of users.

-- 
Chris PeBenito