From: kaigai@ak.jp.nec.com (KaiGai Kohei) Date: Tue, 28 Apr 2009 14:54:59 +0900 Subject: [refpolicy] [RFC] mod_selinux security policy Message-ID: <49F69A33.2070601@ak.jp.nec.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Folks, Nowadays, I'm also under development for a loadable module on apache/httpd, named as mod_selinux.so. It enables to launch web-applications with an individual security context based on http-authenticated users. It internally uses a one-time worker thread for each connections to perform as a restrictive domain bounded to httpd_t due to the hard-wired rule for multi-threading process. In the LCA2009 demonstration, all we can show was individual MCS category per http-users because of lack of TE policy. The following ugly policy is an example of TE policy for mod_selinux.so. http://code.google.com/p/sepgsql/source/browse/misc/mod_selinux/mod_selinux.te http://code.google.com/p/sepgsql/source/browse/misc/mod_selinux/mod_selinux.if We needed to remain a minimum set of privileges on the bounded domains because they also perform as a part of the daemon process, although they are restricted to access to the web contents or database objects. (Thus, it allows webapp_type to write on log files, for example.) In my hope, if we can have a interface to assign the minimum set of privileges on the bounded domain, it will be helpfull for authors of web applications which provide its own security policy. It will enables them to focus on writing their policy for web contents. Could you tell me your opinions? Thanks, -- OSS Platform Development Division, NEC KaiGai Kohei