Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.7 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D0F07C43387 for ; Thu, 10 Jan 2019 00:37:05 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 7E300214C6 for ; Thu, 10 Jan 2019 00:37:05 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=ieee.org header.i=@ieee.org header.b="atldYR1w" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726425AbfAJAhF (ORCPT ); Wed, 9 Jan 2019 19:37:05 -0500 Received: from mail-qt1-f193.google.com ([209.85.160.193]:43982 "EHLO mail-qt1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726286AbfAJAhF (ORCPT ); Wed, 9 Jan 2019 19:37:05 -0500 Received: by mail-qt1-f193.google.com with SMTP id i7so10528521qtj.10 for ; Wed, 09 Jan 2019 16:37:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ieee.org; s=google; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=1f/+K0R83HqpbRyDx0K8uzwLqErRT43Z4hWduNudXs0=; b=atldYR1wq+6tAeoefPYXxjhQ//SN/kOSJ4hBssGOEB8BHudxwU2ac+lPLl49spBg8a FyGMfaOJ07Ne92IQrpMvBuaXEZQYPv6clO/DhdWgjEibbOQdErXUF6pvM9GYTpBxA5kC 79ZedDkF+g7r8E4VsA+QztuZiuMO441gogfXc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=1f/+K0R83HqpbRyDx0K8uzwLqErRT43Z4hWduNudXs0=; b=a+hnvYV7zMdPv27Dq/Oh8JtoM4pk12LM+gzoU77inWAtSZh6QI7Bxaiy7R7hldPCIZ Yo7Rp4NFpRvDDg28pY6GIKd4urb0a6BCMtw7PvkI+hoargjbwlAg7RQCc3JNCbQacBkB 8GOpb8i6HutCUfOTd35ufIgTDX4uKdyKaX/CvIty9zZRiFmD4AHfdyYjnMjsjXNsPkU5 bkxvwpUNRbIWtra9zyDhBXyS0/qlLoV9QdG0yshe0K0RQibPtcut8fh5qYAPrf+q9zQy bHAKDRwGn+KWcI2cNhro3BBWK0llFCgex5JhUaALTt/OWUePA0TPr8BYNjtJ9MN/Kfl+ +0EQ== X-Gm-Message-State: AJcUukelajF+IYe4A0vgeGEp8DRzHIYPNwNkVRDCtTUg/sgB8YW8UYNq SKTbQ1bjAixYI/sIPi+Ptm4gsySoetE= X-Google-Smtp-Source: ALg8bN47fV198vC0XzVmz+/SiNt6i7u56SPHA0i3xgl1t2dHAExgD2Jqmg9DIG0UG9sSdTJAZqqreg== X-Received: by 2002:ac8:2d2b:: with SMTP id n40mr7496241qta.38.1547080623341; Wed, 09 Jan 2019 16:37:03 -0800 (PST) Received: from [192.168.1.190] (pool-108-15-23-247.bltmmd.fios.verizon.net. [108.15.23.247]) by smtp.gmail.com with ESMTPSA id p48sm43324532qtp.62.2019.01.09.16.37.02 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 09 Jan 2019 16:37:02 -0800 (PST) Subject: Re: [PATCH cron 2/2] user_crontab_t etc To: russell@coker.com.au Cc: selinux-refpolicy@vger.kernel.org References: <20190107031005.GA13945@aaa.coker.com.au> <6320875.l7dpP3Uglz@xev> From: Chris PeBenito Message-ID: <8f56a5ac-d4d8-ccc4-ca6a-4876ac1e6aeb@ieee.org> Date: Wed, 9 Jan 2019 18:57:45 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.3.0 MIME-Version: 1.0 In-Reply-To: <6320875.l7dpP3Uglz@xev> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: selinux-refpolicy-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux-refpolicy@vger.kernel.org On 1/7/19 10:38 PM, Russell Coker wrote: > On Tuesday, 8 January 2019 10:47:27 AM AEDT Chris PeBenito wrote: >> On 1/6/19 10:10 PM, Russell Coker wrote: >>> This patch adds a $1_crontab_t domain and makes it a compile option for >> >> What is the goal for reintroducing a crontab domain per-user-domain? > > To make it more difficult for a user from one domain to take over access to > another domain via cron. > > The context of the crontab program determines the type of the cron spool file > which then determines the permitted context of the cron job. > >>> having a $1_cronjob_t domain. >>> >>> I anticipate that even if this patch is accepted later on there will be >>> some changes required. Please review this not for inclusion immediately >>> but for changes necessary. However the previous patch is good to go if >>> you like the concept. >> >> I'm not keen on this. The current policy is intended to make it easy to >> decide if you want to use a *_cronjob_t domain or simply transition to >> the user's domain by tweaking the default_contexts. > > Which means that everyone who doesn't have a need for *_cronjob_t domains gets > all the extra policy. Since most people don't know how to recompile the distro policy, they're going to be stuck with whichever way it is compiled by the distro. I think the way that it is currently implemented is a fair tradeoff for the vast majority of users. -- Chris PeBenito