Received: by 2002:a05:6a10:7420:0:0:0:0 with SMTP id hk32csp827453pxb; Thu, 17 Feb 2022 15:57:59 -0800 (PST) X-Google-Smtp-Source: ABdhPJxfDvyDYvgk+tcWnDb9/2xz19Jlaei3qKi1oMZQEmyjaXmxMyzKahq5NJw/odr1Qfklqdvd X-Received: by 2002:aa7:950b:0:b0:4e1:3696:c4f7 with SMTP id b11-20020aa7950b000000b004e13696c4f7mr5430242pfp.48.1645142279196; Thu, 17 Feb 2022 15:57:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1645142279; cv=none; d=google.com; s=arc-20160816; b=iYSWCU5dJn3LxMKiKVpuP2gkcrHVnDXq5qvVQwySGlgJbp+Zk3XjCSKB6YqKzv+SbV 0wme4SgZsBcm/RRhsfTs322ecgzJEJhAojRvrPpC4R05XCXoSx2zf7P9BW6uSfssjjT/ 8UguKZKUWeqvMi70o5HwVGyhPDKsxXSRPw8yVuFDPIJQf92fOjqsb0ejTf8zGI4br10A qUgkKKrwccx6DOoujHN3CsTHHYMT0BFKfT5WCyHL6hknvM7cv9pB9rlnSEBfqOxZdRzM dx1Y7D4lqqLyQSIhk4yywWkW1Dm+HmdMiy8Azey9ZyRtcTvtZgvJYV4M4yEA1WvM1Yex BRtQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:to:content-language:subject:user-agent:mime-version:date :message-id:dkim-signature:dkim-filter; bh=UL0tMYOZd752KxKHHgnovrqc79+ppW0AnIvhIKhxumw=; b=cV3Sf0DVWm+Trzl5jrIVltKab1CiszIPvmHDzF+aXLebcX/rYPYUkC2UOPO0VCUrXz LshPiiJspAz6xCfx7LdZYeHhm05mIwYppFrefdmf62xbmdBSjYyFDQOHdxBrZ/g7ruS/ 27G3OYhhZo3TygWW6BBqReEiDbxSr7WNeGqEhLNauDUurTvWqLaXYIM3XW7SlXg+Aas3 fmQQlkCTUIH3nXkizLvyaxAMMZDE+Wjfj0D8lX707A4J8r8pY1DaqrEwSdJ55X9eTEh2 9rG9p6/e5DhrZAlNo0ZFplfNTpmsmVmfT6LNjeGQJJ3e3bCfRZ8J/4KOt8hj/U+QkU+E PtSw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=rmtcyYKX; spf=softfail (google.com: domain of transitioning selinux-refpolicy-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id n7si4761703pgs.527.2022.02.17.15.57.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 17 Feb 2022 15:57:59 -0800 (PST) Received-SPF: softfail (google.com: domain of transitioning selinux-refpolicy-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=rmtcyYKX; spf=softfail (google.com: domain of transitioning selinux-refpolicy-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id D275B315820; Thu, 17 Feb 2022 15:27:56 -0800 (PST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242219AbiBQOys (ORCPT + 22 others); Thu, 17 Feb 2022 09:54:48 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:60468 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242226AbiBQOyq (ORCPT ); Thu, 17 Feb 2022 09:54:46 -0500 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 1E8982B1ABA for ; Thu, 17 Feb 2022 06:54:24 -0800 (PST) Received: from [192.168.1.10] (pool-173-66-191-184.washdc.fios.verizon.net [173.66.191.184]) by linux.microsoft.com (Postfix) with ESMTPSA id 7B76620BA5A8; Thu, 17 Feb 2022 06:54:23 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 7B76620BA5A8 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1645109663; bh=UL0tMYOZd752KxKHHgnovrqc79+ppW0AnIvhIKhxumw=; h=Date:Subject:To:References:From:In-Reply-To:From; b=rmtcyYKX1VBN7z4bruwUIA2YsseJXdLw3ksoJkT/Gb+lJpk9eipM3CJ1FJX1qT90N eqF8rZx7Zi1unn7yCtdMUh5Ku5WhnJ/qh9zKQ81IgmQ6CShvaXmt/LOOm8qA2QAnM/ VHVey+qsGetTX/YQIw3WI7/67XDfK4cyVasWXkx4= Message-ID: Date: Thu, 17 Feb 2022 09:54:19 -0500 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.6.0 Subject: Re: [PATCH] rasdaemon V2 Content-Language: en-US To: Russell Coker , selinux-refpolicy@vger.kernel.org References: From: Daniel Burgener In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-9.5 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,NICE_REPLY_A,RDNS_NONE,SPF_HELO_NONE, T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: selinux-refpolicy@vger.kernel.org On 2/17/2022 9:46 AM, Russell Coker wrote: > Same as before but with the needed summary and removed the obsolete lockdown > rule. > > Should be ready for merging now. > Signed-off-by: Russell Coker I thought this sounded familiar, so I searched my inbox, and it looks like you submitted this same patch a year ago, and there was feedback from Chris and Dominick that doesn't seem to be addressed yet. I'll try to capture it all inline below. > > Index: refpolicy-2.20220217/policy/modules/kernel/filesystem.if > =================================================================== > --- refpolicy-2.20220217.orig/policy/modules/kernel/filesystem.if > +++ refpolicy-2.20220217/policy/modules/kernel/filesystem.if > @@ -5485,6 +5485,43 @@ interface(`fs_getattr_tracefs_files',` > > ######################################## > ## > +## Read/write trace filesystem files > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`fs_write_tracefs_files',` > + gen_require(` > + type tracefs_t; > + ') > + > + allow $1 tracefs_t:dir list_dir_perms; > + allow $1 tracefs_t:file rw_file_perms; > +') > + > +######################################## > +## > +## create trace filesystem directories > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`fs_create_tracefs_dirs',` > + gen_require(` > + type tracefs_t; > + ') > + > + allow $1 tracefs_t:dir { create rw_dir_perms }; > +') > + > +######################################## > +## > ## Mount a XENFS filesystem. > ## > ## > Index: refpolicy-2.20220217/policy/modules/services/rasdaemon.fc > =================================================================== > --- /dev/null > +++ refpolicy-2.20220217/policy/modules/services/rasdaemon.fc > @@ -0,0 +1,3 @@ > +/usr/sbin/rasdaemon -- gen_context(system_u:object_r:rasdaemon_exec_t,s0) > +/var/lib/rasdaemon(/.*)? gen_context(system_u:object_r:rasdaemon_var_t,s0) > + > Index: refpolicy-2.20220217/policy/modules/services/rasdaemon.if > =================================================================== > --- /dev/null > +++ refpolicy-2.20220217/policy/modules/services/rasdaemon.if > @@ -0,0 +1 @@ > +## RAS (Reliability, Availability and Serviceability) logging tool > Index: refpolicy-2.20220217/policy/modules/services/rasdaemon.te > =================================================================== > --- /dev/null > +++ refpolicy-2.20220217/policy/modules/services/rasdaemon.te > @@ -0,0 +1,47 @@ > +policy_module(rasdaemon, 1.0.0) > + > +# rasdaemon is a RAS (Reliability, Availability and Serviceability) logging > +# tool. It currently records memory errors, using the EDAC tracing events. > +# EDAC are drivers in the Linux kernel that handle detection of ECC errors > +# from memory controllers for most chipsets on x86 and ARM architectures. > +# > +# https://git.infradead.org/users/mchehab/rasdaemon.git This can get wrapped in xml and tags so it gets put in docs. > + > +######################################## > +# > +# Declarations > +# > + > +type rasdaemon_t; > +type rasdaemon_exec_t; > +init_daemon_domain(rasdaemon_t, rasdaemon_exec_t) > + > +type rasdaemon_var_t; > +files_type(rasdaemon_var_t) > + > +######################################## > +# > +# Local policy > +# > + > +allow rasdaemon_t self:unix_dgram_socket create_socket_perms; This is redundant, implied by logging_send_syslog_message() > + > +allow rasdaemon_t rasdaemon_var_t:dir manage_dir_perms; > +allow rasdaemon_t rasdaemon_var_t:file manage_file_perms; > + > +kernel_read_debugfs(rasdaemon_t) > +kernel_read_system_state(rasdaemon_t) > +kernel_read_vm_overcommit_sysctl(rasdaemon_t) > +kernel_search_fs_sysctls(rasdaemon_t) > + > +dev_list_sysfs(rasdaemon_t) > +dev_read_urand(rasdaemon_t) > + > +files_read_etc_symlinks(rasdaemon_t) This is redundant (implied by miscfiles_read_localization) > +files_search_var_lib(rasdaemon_t) > +fs_write_tracefs_files(rasdaemon_t) > +fs_create_tracefs_dirs(rasdaemon_t) > + > +logging_send_syslog_msg(rasdaemon_t) > +miscfiles_read_localization(rasdaemon_t) > +