Subject: Re: [PATCH] cockpit web admin system
From: Chris PeBenito
To: Dominick Grift, Russell Coker
Cc: selinux-refpolicy@vger.kernel.org, Matej Marusak
Date: Mon, 26 Apr 2021 08:47:27 -0400
Message-ID: <574c5faf-0c19-8b9a-3bfe-a71d82a1f2e6@ieee.org>
X-Mailing-List: selinux-refpolicy@vger.kernel.org

On 4/20/21 9:49 AM, Dominick Grift wrote:
> Russell Coker writes:
>
>> I took this from the rawhide policy and adapted it to work with refpolicy.
>>
>> Probably not ready for merging yet, let me know what should be changed.
>
> It's been a while since I played with cockpit
>
> There's one thing that I want to mention though, instead of logging the
> confined users in with their login shell domain consider confining the
> cockpit-bridge instead and make it log users in with bridge context
> instead of the login shell context.

Do you have an example of permissions that would be concerning?

> Because otherwise you'll end up extending the login shell domain with
> permissions needed by the bridge. You can still allow the bridge to open
> up a shell with a transition back to the login shell domain (but then
> you will get into domain prefixes
>
> ie: staff_bridge_t -> shell_exec_t -> staff_t vs. user_bridge_t ->
> shell_exec_t -> user_t etc.

Otherwise I only see some style cleanup needed. Also there is an optional block in the admin interface for systemd calls. Systemd is required for cockpit, so it shouldn't be optional, right?

-- 
Chris PeBenito
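
A sketch of the per-role bridge domain layout discussed in the quoted text, written in refpolicy style as an added example; it is not part of this thread or of the posted patch. The template name `cockpit_bridge_role_template` and the types `cockpit_bridge_exec_t` and `cockpit_session_t` are hypothetical, and the example assumes a session domain that starts the bridge and selects its context explicitly.

```selinux
# --- cockpit.if (hypothetical template, illustration only) ---
# $1 is the role prefix (staff, user), which yields the prefixed
# domains named in the thread: staff_bridge_t, user_bridge_t.
template(`cockpit_bridge_role_template',`
	gen_require(`
		type $1_t, shell_exec_t;
		# Assumed types, not taken from the posted patch:
		type cockpit_bridge_exec_t, cockpit_session_t;
		role $1_r;
	')

	# Per-role bridge domain. Permissions the bridge needs are granted
	# to this type only, so they never extend $1_t.
	type $1_bridge_t;
	domain_type($1_bridge_t)
	domain_entry_file($1_bridge_t, cockpit_bridge_exec_t)
	role $1_r types $1_bridge_t;

	# The session starts the bridge in the bridge context rather than
	# in $1_t. No type_transition rule is emitted, because every role
	# shares one entry file and the caller has to request the context.
	spec_domtrans_pattern(cockpit_session_t, cockpit_bridge_exec_t, $1_bridge_t)

	# Opening a shell from the bridge transitions back to the login
	# shell domain: $1_bridge_t -> shell_exec_t -> $1_t
	corecmd_shell_entry_type($1_t)
	domtrans_pattern($1_bridge_t, shell_exec_t, $1_t)
')

# --- staff.te ---
optional_policy(`
	cockpit_bridge_role_template(staff)
')

# --- unprivuser.te ---
optional_policy(`
	cockpit_bridge_role_template(user)
')
```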