Hello,
here I'm again with my policy for KDE and Konqueror after some time. I upgraded
the policy to work with Konqueror 4.4.5 under KDE 4.4.5 and to compile with
current git refpolicy. Would you have any comments about the policy?
Thanx in advance,
Ondrej Vadinsky.
--
Don't it always seem to go
That you don't know what you've got
Till it's gone
(Joni Mitchell)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2010-09-01-001-Basic-policy-for-KDE.patch
Type: text/x-patch
Size: 4288 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100901/97e1c4ba/attachment-0002.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2010-09-01-002-Policy-for-Konqueror.patch
Type: text/x-patch
Size: 11312 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100901/97e1c4ba/attachment-0003.bin
On Wed, 2010-09-01 at 19:24 +0200, Nicky726 wrote:
> Hello,
>
> here I'm again with my policy for KDE and Konqueror after some time. I upgraded
> the policy to work with Konqueror 4.4.5 under KDE 4.4.5 and to compile with
> current git refpolicy. Would you have any comments about the policy?
>
> Thanx in advance,
> Ondrej Vadinsky.
>
> interface(`kde_read_home_files',`
> gen_require(`
> type kde_home_t;
> ')
>
> allow $1 kde_home_t:file read_file_perms;
> allow $1 kde_home_t:dir list_dir_perms;
> userdom_search_user_home_dirs($)
> ')
You should use read_files_pattern here, unless list is really needed.
> +interface(`konqueror_role',`
> + gen_require(`
> + type konqueror_t, konqueror_exec_t, konqueror_home_t,
konqueror_tmp_t;
> + ')
konqueror_exec_t, konqueror_home_t, and konqueror_tmp_t aren't used
here, so they shouldn't be required.
> +interface(`konqueror_read_home_files',`
> + gen_require(`
> + type konqueror_home_t;
> + ')
> +
> + allow $1 konqueror_home_t:file read_file_perms;
> + allow $1 konqueror_home_t:dir list_dir_perms;
> + userdom_search_user_home_dirs($1)
> +')
Same as comment above. Use read_files_pattern unless list is really
necessary.
> +## <desc>
> +## <p>
> +## Allow Konqueror to run bin_t because of drkonqi
> +## </p>
> +## </desc>
> +
> +gen_tunable(konqueror_exec_bin_t, false)
I don't see a significant security risk in giving this corecmd_exec_bin
unconditionally. But this depends on your security goals. If this was
going to be upstreamed, we'll probably allow it without the tunable.
> +# Konqueror runs drkonqi (bin_t) For now dontaudit, in future confine
> +corecmd_dontaudit_getattr_bin_files(konqueror_t)
This can be removed if you switch to using corecmd_exec_bin
> +# Now KDE temp stuff is created with user_tmp_t with more KDE aps
confined
> +# it'll have the right context. For now grant minimal necessary
access to usr temp
> +userdom_read_user_tmp_files(konqueror_t)
> +userdom_write_user_tmp_files(konqueror_t)
> +userdom_manage_user_tmp_sockets(konqueror_t)
kde_tmp_t is declared but not used in kde.te, is this the reason for
these calls?
Are you planning on submitting this for inclusion in refpolicy? If so,
you may want to take a look at the style guide here:
http://oss.tresys.com/projects/refpolicy/wiki/StyleGuide
--
Jeremy J. Solt
Tresys Technology, LLC
410-290-1411 x122
Hello,
first of all thanx for comments, I have incorporated some of them and have a
few questions to others.
Dne P? 10. z??? 2010 17:23:29 Jeremy Solt napsal(a):
> > interface(`kde_read_home_files',`
> >
> > gen_require(`
> >
> > type kde_home_t;
> >
> > ')
> >
> > allow $1 kde_home_t:file read_file_perms;
> > allow $1 kde_home_t:dir list_dir_perms;
> > userdom_search_user_home_dirs($)
> >
> > ')
>
> You should use read_files_pattern here, unless list is really needed.
Correct me if I am wrong, but as kde_home_t files are inside of (one or even
more) kde_home_t directories, the list permission is needed to access them
(directory has to be listed first).
> > # Now KDE temp stuff is created with user_tmp_t with more KDE aps
> > confined it'll have the right context. For now grant minimal necessary
> > access to usr temp
>
> > +userdom_read_user_tmp_files(konqueror_t)
> > +userdom_write_user_tmp_files(konqueror_t)
> > +userdom_manage_user_tmp_sockets(konqueror_t)
>
> kde_tmp_t is declared but not used in kde.te, is this the reason for
> these calls?
Well I came to feeling that the way KDE apps access temp is pretty messed up.
There are at least two types of temp files: those only one application
accesses and those more KDE apps access. None of those has to actually be
there and are created by the first application which needs them. I didn't
realised the troubles with it when developing Konqueror policy, but now as I
try to confine KMail for my diploma paper, I've been quickly hit by them. If
it is Konqueror, which creates shared temp files, they are labelled
konqueror_tmp_t and KMail cannot access them. As there is no guarantee which
application creates those files, I cannot find a way how to classify them in
SELinux. The only working solution I came with is to use only kde_tmp_t type
for all confined KDE apps with full rights to it and at least read/write
access to user_tmp_t. That just doesn't feel right to me though. And moreover
due to xserver_user_x_domain_template needs application tmp type I cannot even
ditch the application tmp types.
If somebody sees better way out of it, I'd be glad.
> Are you planning on submitting this for inclusion in refpolicy? If so,
> you may want to take a look at the style guide here:
> http://oss.tresys.com/projects/refpolicy/wiki/StyleGuide
Well that is definitely my long-term goal to get this policy to refpolicy, if
you guys think that it is ready, that is. Thanx to point the Style Guide out.
Thats all for now, will send the code latter, when it is according to the Style
Guide and when I have the recent tmp change more tested.
Ondrej Vadinsky
--
Don't it always seem to go
That you don't know what you've got
Till it's gone
(Joni Mitchell)
On 09/14/2010 02:18 PM, Nicky726 wrote:
> Hello,
>
> first of all thanx for comments, I have incorporated some of them and have a
> few questions to others.
>
>
> Dne P? 10. z??? 2010 17:23:29 Jeremy Solt napsal(a):
>>> interface(`kde_read_home_files',`
>>>
>>> gen_require(`
>>>
>>> type kde_home_t;
>>>
>>> ')
>>>
>>> allow $1 kde_home_t:file read_file_perms;
>>> allow $1 kde_home_t:dir list_dir_perms;
>>> userdom_search_user_home_dirs($)
>>>
>>> ')
>>
>> You should use read_files_pattern here, unless list is really needed.
>
> Correct me if I am wrong, but as kde_home_t files are inside of (one or even
> more) kde_home_t directories, the list permission is needed to access them
> (directory has to be listed first).
list means reading the directory file. The "access" as you put it is
done with the search permission, which is included in the
read_files_pattern()
>>> # Now KDE temp stuff is created with user_tmp_t with more KDE aps
>>> confined it'll have the right context. For now grant minimal necessary
>>> access to usr temp
>>
>>> +userdom_read_user_tmp_files(konqueror_t)
>>> +userdom_write_user_tmp_files(konqueror_t)
>>> +userdom_manage_user_tmp_sockets(konqueror_t)
>>
>> kde_tmp_t is declared but not used in kde.te, is this the reason for
>> these calls?
>
> Well I came to feeling that the way KDE apps access temp is pretty messed up.
> There are at least two types of temp files: those only one application
> accesses and those more KDE apps access. None of those has to actually be
> there and are created by the first application which needs them. I didn't
> realised the troubles with it when developing Konqueror policy, but now as I
> try to confine KMail for my diploma paper, I've been quickly hit by them. If
> it is Konqueror, which creates shared temp files, they are labelled
> konqueror_tmp_t and KMail cannot access them. As there is no guarantee which
> application creates those files, I cannot find a way how to classify them in
> SELinux. The only working solution I came with is to use only kde_tmp_t type
> for all confined KDE apps with full rights to it and at least read/write
> access to user_tmp_t. That just doesn't feel right to me though. And moreover
> due to xserver_user_x_domain_template needs application tmp type I cannot even
> ditch the application tmp types.
>
> If somebody sees better way out of it, I'd be glad.
>
Confining the user space (kde/gnome etc) is pretty hard to do. I am not
familair with kde so i am not sure how to go about that.
I am however familair with gnome and i have gnome confined myself.
I think konqueror is a file manager if i am not mistaken so i guess it
can be compared to nautilus.
I have nautilus confined and it basically needs full access to all user
content atleast.
You might want to use the file manager to manage files in tmp, tmpfs
(less obvious) and user home.
In my policy for nautilus is is not nautilus that creates file in tmp,
it only uses gconf to create a sock file in /tmp/orbit.
Nautilus can be used to start programs which creates files in tmp. So
you would allow a prefixed nautilus domain to transition to a prefix
application domain.
For example i have totem confined. If i click a audio file in my home
directory via the file manager (nautilus) then i must make sure nautilus
domain transitions to the prefixed totem domain. THen totem will create
its files in tmp with the totem tmp file type.
Again *really* confining the user space really requires hacks and can
become rather complex. I do not think that upstream will adopt the hacks
required to achieve a fully confined user space.
You will have to set some goals for yourself. How far do you want to go?
What is important for you to protect?
I have some experience with this and as said my user space is pretty
much confined:
staff_u:staff_r:staff_t:s0-s0:c0.c1023 360 ? S 0:00 /bin/sh
/usr/bin/eclipse
staff_u:staff_r:staff_t:s0-s0:c0.c1023 361 ? S 0:00
/usr/lib64/eclipse/eclipse
staff_u:staff_r:staff_java_t:s0-s0:c0.c1023 376 ? Sl 18:15
/usr/bin/java -Xms128m -Xmx512m
-Dorg.eclipse.equinox.p2.reconciler.dropins.directory=/usr/share/eclipse/dropins
-XX:CompileCommand=exclude,org/eclipse/core/internal/dtree/DataTreeNode,forwardDeltaWith
-XX:CompileCommand=exclude,org/eclipse/jdt/internal/compiler/lookup/ParameterizedMethodBinding,<init>
-XX:CompileCommand=exclude,org/eclipse/cdt/internal/core/dom/parser/cpp/semantics/CPPTemplates,instantiateTemplate
-XX:CompileCommand=exclude,org/eclipse/cdt/internal/core/pdom/dom/cpp/PDOMCPPLinkage,addBinding
-XX:CompileCommand=exclude,org/python/pydev/editor/codecompletion/revisited/PythonPathHelper,isValidSourceFile
-XX:CompileCommand=exclude,org/python/pydev/ui/filetypes/FileTypesPreferencesPage,getDottedValidSourceFiles
-XX:MaxPermSize=256m -jar
/usr/lib64/eclipse//plugins/org.eclipse.equinox.launcher_1.0.201.201004121546.jar
-os linux -ws gtk -arch x86_64 -showsplash -launcher
/usr/lib64/eclipse/eclipse -name Eclipse --launcher.library
/usr/lib64/eclipse//plugins/org.eclipse.equinox.launcher.gtk.linux.x86_64_1.0.200.201004121546/eclipse_1208.so
-startup
/usr/lib64/eclipse//plugins/org.eclipse.equinox.launcher_1.0.201.201004121546.jar
-exitdata 145000d -vm /usr/bin/java -vmargs -Xms128m -Xmx512m
-Dorg.eclipse.equinox.p2.reconciler.dropins.directory=/usr/share/eclipse/dropins
-XX:CompileCommand=exclude,org/eclipse/core/internal/dtree/DataTreeNode,forwardDeltaWith
-XX:CompileCommand=exclude,org/eclipse/jdt/internal/compiler/lookup/ParameterizedMethodBinding,<init>
-XX:CompileCommand=exclude,org/eclipse/cdt/internal/core/dom/parser/cpp/semantics/CPPTemplates,instantiateTemplate
-XX:CompileCommand=exclude,org/eclipse/cdt/internal/core/pdom/dom/cpp/PDOMCPPLinkage,addBinding
-XX:CompileCommand=exclude,org/python/pydev/editor/codecompletion/revisited/PythonPathHelper,isValidSourceFile
-XX:CompileCommand=exclude,org/python/pydev/ui/filetypes/FileTypesPreferencesPage,getDottedValidSourceFiles
-XX:MaxPermSize=256m -jar
/usr/lib64/eclipse//plugins/org.eclipse.equinox.launcher_1.0.201.201004121546.jar
staff_u:staff_r:staff_t:s0-s0:c0.c1023 2097 ? Ssl 0:06 gnome-session
staff_u:staff_r:staff_t:s0-s0:c0.c1023 2107 ? S 0:00 dbus-launch
--sh-syntax --exit-with-session
staff_u:staff_r:staff_dbusd_t:s0-s0:c0.c1023 2108 ? Ssl 2:11
/bin/dbus-daemon --fork --print-pid 5 --print-address 9 --session
staff_u:staff_r:gconfd_t:s0-s0:c0.c1023 2178 ? S 1:49
/usr/libexec/gconfd-2
staff_u:staff_r:gnomesettingsd_t:s0-s0:c0.c1023 2185 ? Ssl 1:56
/usr/libexec/gnome-settings-daemon
staff_u:staff_r:gnomekeyringd_t:s0-s0:c0.c1023 2186 ? SLl 0:02
/usr/bin/gnome-keyring-daemon --start --components=pkcs11
staff_u:staff_r:staff_gvfsd_t:s0-s0:c0.c1023 2190 ? S 0:00
/usr/libexec/gvfsd
staff_u:staff_r:staff_gvfsd_t:s0-s0:c0.c1023 2198 ? Ssl 0:00
/usr/libexec//gvfs-fuse-daemon /home/dgrift/.gvfs
staff_u:staff_r:staff_gnomeshell_t:s0-s0:c0.c1023 2204 ? S 0:00
/usr/bin/python /usr/bin/gnome-shell
staff_u:staff_r:gnomesettingsd_t:s0-s0:c0.c1023 2216 ? S<sl 81:35
/usr/bin/pulseaudio --start --log-target=syslog
staff_u:staff_r:staff_gnomeshell_t:s0-s0:c0.c1023 2217 ? Sl 174:39
mutter --mutter-plugins=libgnome-shell
staff_u:staff_r:staff_nautilus_t:s0-s0:c0.c1023 2220 ? Sl 1:30 nautilus
staff_u:staff_r:gnomesettingsd_t:s0-s0:c0.c1023 2221 ? S 0:00
/usr/libexec/pulse/gconf-helper
staff_u:staff_r:gnomesettingsd_t:s0-s0:c0.c1023 2224 ? S 4:11
syndaemon -i 0.5 -k
staff_u:staff_r:staff_t:s0-s0:c0.c1023 2226 ? S 0:14
/usr/libexec/gvfs-gdu-volume-monitor
staff_u:staff_r:staff_t:s0-s0:c0.c1023 2237 ? S 0:00
/usr/sbin/restorecond -u
staff_u:staff_r:staff_t:s0-s0:c0.c1023 2244 ? S 0:04
/usr/libexec/polkit-gnome-authentication-agent-1
staff_u:staff_r:staff_t:s0-s0:c0.c1023 2245 ? S 1:33 python
/usr/share/system-config-printer/applet.py
staff_u:staff_r:staff_t:s0-s0:c0.c1023 2247 ? Sl 0:20
gnome-power-manager
staff_u:staff_r:staff_t:s0-s0:c0.c1023 2251 ? Sl 0:25
/usr/libexec/gvfs-afc-volume-monitor
staff_u:staff_r:staff_vino_server_t:s0-s0:c0.c1023 2252 ? Sl 98:12
/usr/libexec/vino-server
staff_u:staff_r:staff_t:s0-s0:c0.c1023 2255 ? Sl 0:06
gnome-volume-control-applet
staff_u:staff_r:staff_t:s0-s0:c0.c1023 2258 ? S 0:00
/usr/libexec/gvfs-gphoto2-volume-monitor
staff_u:staff_r:staff_t:s0-s0:c0.c1023 2260 ? S 0:09
/usr/libexec/gdu-notification-daemon
staff_u:staff_r:staff_t:s0-s0:c0.c1023 2261 ? Sl 0:05 bluetooth-applet
staff_u:staff_r:staff_t:s0-s0:c0.c1023 2263 ? S 0:00
/usr/libexec/im-settings-daemon
staff_u:staff_r:staff_t:s0-s0:c0.c1023 2458 pts/9 Ss 0:00 /bin/bash
staff_u:staff_r:staff_t:s0-s0:c0.c1023 2487 ? S 0:00
/usr/libexec/gconf-im-settings-daemon
staff_u:staff_r:gnomescreens_t:s0-s0:c0.c1023 2506 ? Ss 1:05
gnome-screensaver
staff_u:staff_r:staff_gvfsd_t:s0-s0:c0.c1023 2512 ? S 0:00
/usr/libexec/gvfsd-trash --spawner :1.10 /org/gtk/gvfs/exec_spaw/0
staff_u:staff_r:staff_gvfsd_t:s0-s0:c0.c1023 2522 ? S 0:00
/usr/libexec/gvfsd-burn --spawner :1.10 /org/gtk/gvfs/exec_spaw/1
staff_u:staff_r:staff_t:s0-s0:c0.c1023 2536 ? S 0:00
/usr/libexec/gvfsd-metadata
staff_u:staff_r:staff_t:s0-s0:c0.c1023 2541 ? Sl 9:16
/usr/bin/python /usr/bin/terminator -x /bin/sh -c cd
'/home/dgrift/Desktop' && exec $SHELL
staff_u:staff_r:staff_t:s0-s0:c0.c1023 2645 ? S 0:00 gnome-pty-helper
staff_u:staff_r:staff_t:s0-s0:c0.c1023 2646 pts/0 Ss 0:00 /bin/bash
staff_u:staff_r:staff_t:s0-s0:c0.c1023 2697 pts/1 Ss 0:00 /bin/bash
staff_u:staff_r:staff_screen_t:s0-s0:c0.c1023 2727 pts/1 S+ 0:02 screen
staff_u:staff_r:staff_screen_t:s0-s0:c0.c1023 2728 ? Ss 0:10 SCREEN
staff_u:staff_r:staff_t:s0-s0:c0.c1023 2729 pts/2 Ss 0:00 /bin/bash
staff_u:staff_r:staff_t:s0-s0:c0.c1023 2745 pts/11 Ss 0:00 /bin/bash
staff_u:staff_r:staff_screen_t:s0-s0:c0.c1023 2760 pts/0 S+ 0:02 screen
staff_u:staff_r:staff_screen_t:s0-s0:c0.c1023 3015 pts/4 S+ 0:02 screen
staff_u:staff_r:staff_screen_t:s0-s0:c0.c1023 3016 ? Ss 0:14 SCREEN
staff_u:staff_r:staff_t:s0-s0:c0.c1023 3017 pts/5 Ss 0:00 /bin/bash
staff_u:staff_r:irssi_t:s0-s0:c0.c1023 3048 pts/5 S+ 2:29 irssi
staff_u:staff_r:staff_tp_mission_control_t:s0-s0:c0.c1023 3067 ? SL
0:04 /usr/libexec/mission-control-5
staff_u:staff_r:staff_t:s0-s0:c0.c1023 3069 ? S 0:05
/usr/libexec/telepathy-logger
staff_u:staff_r:staff_tp_butterfly_t:s0-s0:c0.c1023 3076 ? S 0:41
/usr/bin/python /usr/libexec/telepathy-butterfly
staff_u:staff_r:staff_gvfsd_t:s0-s0:c0.c1023 4340 ? S 0:00
/usr/libexec/gvfsd-network --spawner :1.10 /org/gtk/gvfs/exec_spaw/2
staff_u:staff_r:staff_dvbd_t:s0-s0:c0.c1023 4986 ? S 0:24
/usr/bin/gnome-dvb-daemon
staff_u:staff_r:staff_nsplugin_t:s0-s0:c0.c1023 5624 ? Sl 8:45
/usr/lib64/nspluginwrapper/npviewer.bin --plugin
/usr/lib64/mozilla/plugins/libflashplayer.so --connection
/org/wrapper/NSPlugins/libflashplayer.so/24761-2
staff_u:staff_r:ssh_t:s0-s0:c0.c1023 5915 pts/9 S+ 0:00 ssh -p31
dgrift at extern
staff_u:staff_r:staff_t:s0-s0:c0.c1023 8186 pts/12 Ss+ 0:00 /bin/bash
staff_u:staff_r:staff_gvfsd_t:s0-s0:c0.c1023 11623 ? S 0:00
/usr/libexec/gvfsd-http --spawner :1.10 /org/gtk/gvfs/exec_spaw/6
staff_u:staff_r:staff_t:s0-s0:c0.c1023 13882 pts/7 Ss 0:02 /bin/bash
staff_u:staff_r:staff_mutt_t:s0-s0:c0.c1023 18235 pts/8 S+ 0:00 mutt
staff_u:staff_r:staff_empathy_t:s0-s0:c0.c1023 19168 ? Sl 1:02 empathy
staff_u:staff_r:staff_tp_salut_t:s0-s0:c0.c1023 19170 ? S 0:00
/usr/libexec/telepathy-salut
staff_u:staff_r:staff_tp_gabble_t:s0-s0:c0.c1023 19172 ? S 0:15
/usr/libexec/telepathy-gabble
staff_u:staff_r:staff_t:s0-s0:c0.c1023 22522 pts/10 Ss+ 0:00 /bin/bash
staff_u:staff_r:staff_t:s0-s0:c0.c1023 24744 ? S 0:00 /bin/sh
/usr/lib64/firefox-3.6/run-mozilla.sh /usr/lib64/firefox-3.6/firefox
staff_u:staff_r:staff_mozilla_t:s0-s0:c0.c1023 24761 ? Sl 28:53
/usr/lib64/firefox-3.6/firefox
staff_u:staff_r:staff_gvfsd_t:s0-s0:c0.c1023 27098 ? S 0:00
/usr/libexec/gvfsd-sftp --spawner :1.10 /org/gtk/gvfs/exec_spaw/8
staff_u:staff_r:ssh_t:s0-s0:c0.c1023 27102 ? Ss+ 0:08 /usr/bin/ssh
-oForwardX11 no -oForwardAgent no -oClearAllForwardings yes -oProtocol 2
-oNoHostAuthenticationForLocalhost yes -p 32 -l dgrift -s extern sftp
staff_u:staff_r:staff_t:s0-s0:c0.c1023 27587 pts/8 Ss 0:00 /bin/bash
staff_u:staff_r:staff_thunderbird_t:s0-s0:c0.c1023 28309 ? S 0:00
/bin/sh /usr/lib64/thunderbird-3.1/thunderbird
staff_u:staff_r:staff_thunderbird_t:s0-s0:c0.c1023 28321 ? S 0:00
/bin/sh /usr/lib64/thunderbird-3.1/run-mozilla.sh
/usr/lib64/thunderbird-3.1/thunderbird-bin
staff_u:staff_r:staff_thunderbird_t:s0-s0:c0.c1023 28325 ? Sl 0:45
/usr/lib64/thunderbird-3.1/thunderbird-bin
staff_u:staff_r:staff_gpg_agent_t:s0-s0:c0.c1023 28372 ? Ss 0:00
/usr/bin/gpg-agent --sh --no-use-standard-socket --daemon
--default-cache-ttl 300 --max-cache-ttl 999999
staff_u:staff_r:staff_t:s0-s0:c0.c1023 30087 pts/11 R+ 0:00 ps xZ
staff_u:staff_r:staff_t:s0-s0:c0.c1023 30088 pts/11 S+ 0:00 less
staff_u:staff_r:ssh_t:s0-s0:c0.c1023 31073 pts/7 S+ 0:08 ssh -p32
dgrift@extern
But believe you me, it requires a bunch of hacks to get where i am, that
will not likely ever be adopted upstream
heres my tmp:
drwx------. dgrift dgrift staff_u:object_r:settings_tmp_t:s0 .esd-501
drwx------. dgrift dgrift staff_u:object_r:gpg_agent_tmp_t:s0 gpg-l0eM4z
drwxr-xr-x. dgrift dgrift staff_u:object_r:user_tmp_t:s0 hsperfdata_dgrift
drwxr-xr-x. root root staff_u:object_r:rpm_script_tmp_t:s0
hsperfdata_root
drwx------. dgrift dgrift staff_u:object_r:mozilla_tmp_t:s0
icedteaplugin-dgrift
drwxrwxrwt. dgrift dgrift staff_u:object_r:user_tmp_t:s0 .ICE-unix
drwxrwxr-x. dgrift dgrift staff_u:object_r:sepoldiff_tmp_t:s0 isitnew
-rw-------. dgrift dgrift staff_u:object_r:mozilla_tmp_t:s0
j2ZWh5jV.bin.part
drwx------. dgrift dgrift staff_u:object_r:gnomekeyringd_tmp_t:s0
keyring-WdQsfK
-rw-------. dgrift dgrift staff_u:object_r:mutt_tmp_t:s0
mutt-localhost-501-18235-3
-rw-------. dgrift dgrift staff_u:object_r:mutt_tmp_t:s0
mutt-localhost-501-8164-0
-rw-------. dgrift dgrift staff_u:object_r:thunderbird_tmp_t:s0 nscopy.tmp
-rw-------. dgrift dgrift staff_u:object_r:thunderbird_tmp_t:s0 nsemail.eml
drwx------. dgrift dgrift staff_u:object_r:gconf_tmp_t:s0 orbit-dgrift
drwx------. dgrift dgrift staff_u:object_r:mozilla_tmp_t:s0 plugtmp
drwx------. dgrift dgrift staff_u:object_r:settings_tmp_t:s0
pulse-OiNnxjWF98p3
-rw-------. dgrift dgrift staff_u:object_r:mozilla_tmp_t:s0
tznhM2dC.bin.part
drwx------. dgrift dgrift staff_u:object_r:gvfs_tmp_t:s0
virtual-dgrift.6LYEJ0
as you can see: no nautilus type files.
Heres the content of orbit-dgrift:
srwxrwxr-x. dgrift dgrift staff_u:object_r:nautilus_tmp_t:s0
linc-10e2-0-4f696cceee20e
srwxrwxr-x. dgrift dgrift staff_u:object_r:nautilus_tmp_t:s0
linc-10ec-0-502cf33fe0460
srwxrwxr-x. dgrift dgrift staff_u:object_r:gnomescreens_tmp_t:s0
linc-10ed-0-6649d4dac803dsrwxrwxr-x. dgrift dgrift
staff_u:object_r:nautilus_tmp_t:s0 linc-10b6-0-9ee091faa189
srwxrwxr-x. dgrift dgrift staff_u:object_r:nautilus_tmp_t:s0
linc-10bb-0-61375a381a95e
srwxr-xr-x. dgrift dgrift staff_u:object_r:settings_tmp_t:s0
linc-114e-0-1d2e03cb73d24
srwxrwxr-x. dgrift dgrift staff_u:object_r:gnomescreens_tmp_t:s0
linc-121f-0-791071d070141
srwxrwxr-x. dgrift dgrift staff_u:object_r:gnomescreens_tmp_t:s0
linc-258c-0-61a4bc92e64aa
srwxr-xr-x. dgrift dgrift staff_u:object_r:gconf_tmp_t:s0
linc-2d67-0-32e3cdb6e48ca
srwxrwxr-x. dgrift dgrift staff_u:object_r:totem_tmp_t:s0
linc-2de2-0-41168a9ce63e4
srwxrwxr-x. dgrift dgrift staff_u:object_r:gnomescreens_tmp_t:s0
linc-2dfa-0-7bbf2cd7715fe
srwxrwxr-x. dgrift dgrift staff_u:object_r:user_tmp_t:s0
linc-3171-0-41d2bb1b84df7
srwxrwxr-x. dgrift dgrift staff_u:object_r:gnomescreens_tmp_t:s0
linc-31ff-0-3941cac469830
srwxrwxr-x. dgrift dgrift staff_u:object_r:gnomescreens_tmp_t:s0
linc-3edb-0-7089a1d899970
srwxrwxr-x. dgrift dgrift staff_u:object_r:totem_tmp_t:s0
linc-3eea-0-5937b663886e6
srwxrwxr-x. dgrift dgrift staff_u:object_r:totem_tmp_t:s0
linc-4218-0-7511906255140
srwxrwxr-x. dgrift dgrift staff_u:object_r:gnomescreens_tmp_t:s0
linc-424-0-6aa6d5a3da390
srwxrwxr-x. dgrift dgrift staff_u:object_r:empathy_tmp_t:s0
linc-4ae0-0-646e48dbdf89e
srwxrwxr-x. dgrift dgrift staff_u:object_r:gnomescreens_tmp_t:s0
linc-4b77-0-7b3d9ec931f6f
srwxrwxr-x. dgrift dgrift staff_u:object_r:gnomescreens_tmp_t:s0
linc-4d08-0-693aa89569ca1
srwxr-xr-x. dgrift dgrift staff_u:object_r:settings_tmp_t:s0
linc-7bc-0-7a8f02704c763
srwxrwxr-x. dgrift dgrift staff_u:object_r:gnomeshell_tmp_t:s0
linc-7c7-0-3503f4ce1da22
srwxr-xr-x. dgrift dgrift staff_u:object_r:settings_tmp_t:s0
linc-7ca-0-5b64aebc47ff2
Set some clear goals and work towards that. If you want to confine the
whole user space. youll have to move some mountains...
>> Are you planning on submitting this for inclusion in refpolicy? If so,
>> you may want to take a look at the style guide here:
>> http://oss.tresys.com/projects/refpolicy/wiki/StyleGuide
>
> Well that is definitely my long-term goal to get this policy to refpolicy, if
> you guys think that it is ready, that is. Thanx to point the Style Guide out.
My personal opinion is that this is far from ready and that confining
kde / konqueror requires some hacks that may never make it upstream.
I might be able to help you achieve what you want and share some of my
experiences with you as well as my policy (that you maybe able to use as
an example)
If you drop by #selinux or #fedora-selinux we can discuss the problems/
possibilities in more depth.
> Thats all for now, will send the code latter, when it is according to the Style
> Guide and when I have the recent tmp change more tested.
>
> Ondrej Vadinsky
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100914/c2339865/attachment.bin
On Tue, Sep 14, 2010 at 3:22 AM, Dominick Grift <[email protected]> wrote:
> I think konqueror is a file manager if i am not mistaken so i guess it
> can be compared to nautilus.
Actually konqueror is a web browser in addition to a file manager.
Which is of course bad from a security perspective.
http://en.wikipedia.org/wiki/Konqueror
I wonder if it is possible to modify konqueror to use SELinux to aid
in sandboxing web content.
Jason