Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.1 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, MENTIONS_GIT_HOSTING,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id DD2D9C43387 for ; Wed, 16 Jan 2019 23:19:41 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 97F6920652 for ; Wed, 16 Jan 2019 23:19:41 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=ieee.org header.i=@ieee.org header.b="WSpr7rch" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727064AbfAPXTl (ORCPT ); Wed, 16 Jan 2019 18:19:41 -0500 Received: from mail-qt1-f195.google.com ([209.85.160.195]:34330 "EHLO mail-qt1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726976AbfAPXTl (ORCPT ); Wed, 16 Jan 2019 18:19:41 -0500 Received: by mail-qt1-f195.google.com with SMTP id r14so9382158qtp.1 for ; Wed, 16 Jan 2019 15:19:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ieee.org; s=google; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=J52MdJID2b5sYuElwMHlfuw7Z8TXd8HsIdiSbc6bIYQ=; b=WSpr7rchtQD5sd7N262IbtIKy0jh3lQ5rOP/zViGOib+ks+7RcYD2xC1ZjCbsjVULb lXc3atJbhgCWK/ZQWDcZ8QnBHYcmTQorc9dCBozHX8WI+3pj41hS/KQRscY28pPGzw2H hrp1DS5zGGOIteiHLN/M4Eglz7ZFr86aQQfJM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=J52MdJID2b5sYuElwMHlfuw7Z8TXd8HsIdiSbc6bIYQ=; b=n+lAFMOyXwGnDRD7NTX3n4cOYyma+niUeFjfAtX0V9nkt12BLOr6PiGBtxv+ATjBJx o/L9R4wz4bUE26FBv5m9WM0IR46msFMCLwtRtnK3TlSgSNHId9Vej3on0K8tDWpbUvlb IJWeDoVes4/phQy+hCADUeIlyy1BUX1cBdYqHyxFbG3tYdHLbydfdBPXz5HO0qKXJAvX u/SX/6nr8UBFuRRKzbr2LsVO5G5dqeGpmABd96HQaAZADcFkjycRvUH17fBR84vX2Lv0 Aji6jI47rUoh89TrHNQfDaumbXN5v7nBgrvZJoL85+auHKCRZKZc28PZT20CabLf41LP hsZg== X-Gm-Message-State: AJcUukeKEh/1u6oGad4gf155utOrN0CEDjqPnjyizmu0UvG5MlAzqIG3 MfqUozHbrOPocoEdH9RfYTadTSuarOQ= X-Google-Smtp-Source: ALg8bN7Gi9P4nvZMPv9ShRo407jtIl85lcNDrLMU9NZ20qyyUEyKF9MW3tz8PV6glWIkiNc4B/FqTQ== X-Received: by 2002:ac8:75cc:: with SMTP id z12mr9045767qtq.249.1547680779670; Wed, 16 Jan 2019 15:19:39 -0800 (PST) Received: from [192.168.1.190] (pool-108-15-23-247.bltmmd.fios.verizon.net. [108.15.23.247]) by smtp.gmail.com with ESMTPSA id e4sm51577323qka.31.2019.01.16.15.19.39 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 16 Jan 2019 15:19:39 -0800 (PST) Subject: Re: [PATCH] some little stuff To: Russell Coker Cc: selinux-refpolicy@vger.kernel.org References: <20190111103043.GA22910@xev> <4df64def-6cfe-af47-5c2a-dcdbf0d507e4@ieee.org> <2480376.JRpnWL4ehX@liv> From: Chris PeBenito Message-ID: <34bdee18-433e-5e8e-088e-6c209d70fa37@ieee.org> Date: Wed, 16 Jan 2019 18:04:32 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.3.0 MIME-Version: 1.0 In-Reply-To: <2480376.JRpnWL4ehX@liv> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: selinux-refpolicy-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux-refpolicy@vger.kernel.org On 1/15/19 2:47 AM, Russell Coker wrote: > On Sunday, 13 January 2019 6:28:35 AM AEDT Chris PeBenito wrote: >>> Index: refpolicy-2.20180701/policy/modules/system/systemd.te >>> =================================================================== >>> --- refpolicy-2.20180701.orig/policy/modules/system/systemd.te >>> +++ refpolicy-2.20180701/policy/modules/system/systemd.te >>> @@ -337,6 +337,10 @@ optional_policy(` >>> networkmanager_dbus_chat(systemd_hostnamed_t) >>> ') >>> >>> +optional_policy(` >>> + unconfined_dbus_send(systemd_hostnamed_t) >>> +') >> >> This comment: >> >> https://github.com/SELinuxProject/refpolicy/issues/18#issuecomment-452316615 >> >> makes me rethink all dbus sends to unconfined domains, especially >> unconfined_t. This here isn't all confined domains, but I want more >> consideration for the perm. > > That comment is about allowing all domains to send to unconfined_t. Allowing > specific domains like systemd_hostnamed_t to send to unconfined_t doesn't seem > like a problem. It doesn't seem likely that an attack via dbus would start > with a systemd domain, especially not one like systemd_hostnamed_t. It's applicable to confined domains sending messages to unconfined domains. What compounds my concern is that there is no similar access for confined users, so where is this coming from? (what's happening?) -- Chris PeBenito