2011-12-13 18:53:43

by Daniel Walsh

Subject: [refpolicy] Any word on updating the base so we can start pushing fixes into contrib?



2011-12-13 19:02:06

by cpebenito


Which patch(es) are blocking that?

--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com

2011-12-13 20:33:09

by Daniel Walsh


On 12/13/2011 02:02 PM, Christopher J. PeBenito wrote:
> Which patch(es) are blocking that?
>
Add new attributes to define a domain as a homedirreader or
homedirwriter.

New Policy for sblim
New policy for glance from fedora
New policy for matahari
Attachments (scrubbed by the list archive):

Name: userdomain_homedir_manager.patch
Url: http://oss.tresys.com/pipermail/refpolicy/attachments/20111213/86258df5/attachment.pl

Name: glance_base.patch
Url: http://oss.tresys.com/pipermail/refpolicy/attachments/20111213/86258df5/attachment-0001.pl

Name: matahari_base.patch
Url: http://oss.tresys.com/pipermail/refpolicy/attachments/20111213/86258df5/attachment-0002.pl

Name: sblim_base.patch
Url: http://oss.tresys.com/pipermail/refpolicy/attachments/20111213/86258df5/attachment-0003.pl

2011-12-15 13:54:20

by cpebenito


On 12/13/11 15:33, Daniel J Walsh wrote:
> On 12/13/2011 02:02 PM, Christopher J. PeBenito wrote:
>> Which patch(es) are blocking that?
>
> Add new attributes to define a domain as an homedirreader or
> homedirwriter.

I don't agree with the homedirreader and homedirwriter concepts. I think the appropriate way to abstract all of this noxattr home dir access is to do this for all of the existing interfaces. I would have done this in the first place, if there wasn't the problem with nested conditionals.

So for example, take userdom_list_user_home_content. The ideal would be

interface(`userdom_list_user_home_content',`
    gen_require(`
        type user_home_t;
    ')

    allow $1 user_home_t:dir list_dir_perms;

    tunable_policy(`use_nfs_home_dirs',`
        fs_read_nfs_files($1)
    ')

    tunable_policy(`use_samba_home_dirs',`
        fs_read_cifs_files($1)
    ')
')

But since this would cause problems if calls to this interface were in a conditional, we couldn't do this. I'd be fine taking an attribute style implementation like you have in this patch, but it would have to be for all of the relevant existing interfaces. That should have the benefit of eliminating all of the use_nfs_home_dirs and use_samba_home_dirs strewn all over the policy. If you skip the relabel, filetrans, domtrans, and dontaudit interfaces, I came up with 19 interfaces.


> New Policy for sblim
> New policy for glance from fedora
> New policy for matahari

I've merged these.

--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com

2011-12-15 14:56:32

by Daniel Walsh


On 12/15/2011 08:54 AM, Christopher J. PeBenito wrote:
> On 12/13/11 15:33, Daniel J Walsh wrote:
>> On 12/13/2011 02:02 PM, Christopher J. PeBenito wrote:
>>> Which patch(es) are blocking that?
>>
>> Add new attributes to define a domain as a homedirreader or
>> homedirwriter.
>
> I don't agree with the homedirreader and homedirwriter concepts. I
> think the appropriate way to abstract all of this noxattr home
> dir access is to do this for all of the existing interfaces. I
> would have done this in the first place, if there wasn't the
> problem with nested conditionals.
>
> So for example, take userdom_list_user_home_content. The ideal
> would be
>
> interface(`userdom_list_user_home_content',`
>     gen_require(`
>         type user_home_t;
>     ')
>
>     allow $1 user_home_t:dir list_dir_perms;
>
>     tunable_policy(`use_nfs_home_dirs',`
>         fs_read_nfs_files($1)
>     ')
>
>     tunable_policy(`use_samba_home_dirs',`
>         fs_read_cifs_files($1)
>     ')
> ')
>
> But since this would cause problems if calls to this interface were
> in a conditional, we couldn't do this. I'd be fine taking an
> attribute style implementation like you have in this patch, but it
> would have to be for all of the relevant existing interfaces. That
> should have the benefit of eliminating all of the use_nfs_home_dirs
> and use_samba_home_dirs strewn all over the policy. If you skip
> the relabel, filetrans, domtrans, and dontaudit interfaces, I came
> up with 19 interfaces.
>
Are you doing these or do you want me to?
>
>> New Policy for sblim
>> New policy for glance from fedora
>> New policy for matahari
>
> I've merged these.
>


2011-12-15 19:10:09

by Daniel Walsh


On 12/15/2011 08:54 AM, Christopher J. PeBenito wrote:
> On 12/13/11 15:33, Daniel J Walsh wrote:
>> On 12/13/2011 02:02 PM, Christopher J. PeBenito wrote:
>>> Which patch(es) are blocking that?
>>
>> Add new attributes to define a domain as a homedirreader or
>> homedirwriter.
>
> I don't agree with the homedirreader and homedirwriter concepts. I
> think the appropriate way to abstract all of this noxattr home
> dir access is to do this for all of the existing interfaces. I
> would have done this in the first place, if there wasn't the
> problem with nested conditionals.
>
> So for example, take userdom_list_user_home_content. The ideal
> would be
>
> interface(`userdom_list_user_home_content',`
>     gen_require(`
>         type user_home_t;
>     ')
>
>     allow $1 user_home_t:dir list_dir_perms;
>
>     tunable_policy(`use_nfs_home_dirs',`
>         fs_read_nfs_files($1)
>     ')
>
>     tunable_policy(`use_samba_home_dirs',`
>         fs_read_cifs_files($1)
>     ')
> ')
>
> But since this would cause problems if calls to this interface were
> in a conditional, we couldn't do this. I'd be fine taking an
> attribute style implementation like you have in this patch, but it
> would have to be for all of the relevant existing interfaces. That
> should have the benefit of eliminating all of the use_nfs_home_dirs
> and use_samba_home_dirs strewn all over the policy. If you skip
> the relabel, filetrans, domtrans, and dontaudit interfaces, I came
> up with 19 interfaces.
>
>
>> New Policy for sblim
>> New policy for glance from fedora
>> New policy for matahari
>
> I've merged these.
>

One other comment on the homemanager stuff. I don't think it is as
easy to say just if you use a userdom_*_home interface, since in a lot
of cases confined domains might only be allowed to manage a labeled
file in the homedir. For example sshd_t can only read ssh_home_t but
would still be a userhomereader.



2011-12-16 15:29:46

by cpebenito


On 12/15/11 09:56, Daniel J Walsh wrote:
> On 12/15/2011 08:54 AM, Christopher J. PeBenito wrote:
>> On 12/13/11 15:33, Daniel J Walsh wrote:
>>> On 12/13/2011 02:02 PM, Christopher J. PeBenito wrote:
>>>> Which patch(es) are blocking that?
>>>
>>> Add new attributes to define a domain as a homedirreader or
>>> homedirwriter.
>
>> I don't agree with the homedirreader and homedirwriter concepts. I
>> think the appropriate way to abstract all of this noxattr home
>> dir access is to do this for all of the existing interfaces. I
>> would have done this in the first place, if there wasn't the
>> problem with nested conditionals.
>
>> So for example, take userdom_list_user_home_content. The ideal
>> would be
>
>> interface(`userdom_list_user_home_content',`
>>     gen_require(`
>>         type user_home_t;
>>     ')
>>
>>     allow $1 user_home_t:dir list_dir_perms;
>>
>>     tunable_policy(`use_nfs_home_dirs',`
>>         fs_read_nfs_files($1)
>>     ')
>>
>>     tunable_policy(`use_samba_home_dirs',`
>>         fs_read_cifs_files($1)
>>     ')
>> ')
>
>> But since this would cause problems if calls to this interface were
>> in a conditional, we couldn't do this. I'd be fine taking an
>> attribute style implementation like you have in this patch, but it
>> would have to be for all of the relevant existing interfaces. That
>> should have the benefit of eliminating all of the use_nfs_home_dirs
>> and use_samba_home_dirs strewn all over the policy. If you skip
>> the relabel, filetrans, domtrans, and dontaudit interfaces, I came
>> up with 19 interfaces.
>
> Are you doing these or do you want me to?

I'm going to have to do more thinking about this. Instead of running into the nested conditionals problem, it's going to run into the problem of type_attributes in conditionals.

--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com