From: domg472@gmail.com (Dominick Grift) Date: Wed, 23 Jun 2010 16:18:13 +0200 Subject: [refpolicy] [ irc patch 1/1] Extend the IRC domain to include IRSSI. In-Reply-To: <1277301033.2875.6.camel@gorn.columbia.tresys.com> References: <20100622193622.GA26980@localhost.localdomain> <1277236148.19832.6.camel@gorn.columbia.tresys.com> <4C21CC04.1010606@gmail.com> <1277295332.19832.12.camel@gorn.columbia.tresys.com> <4C21FDD5.7000504@gmail.com> <1277300946.2875.5.camel@gorn.columbia.tresys.com> <1277301033.2875.6.camel@gorn.columbia.tresys.com> Message-ID: <4C2217A5.5000608@gmail.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 06/23/2010 03:50 PM, Christopher J. PeBenito wrote: > On Wed, 2010-06-23 at 09:49 -0400, Christopher J. PeBenito wrote: >> On Wed, 2010-06-23 at 14:28 +0200, Dominick Grift wrote: >>> On 06/23/2010 02:15 PM, Christopher J. PeBenito wrote: >>> >>>>>>> >>>>>>> +type irc_etc_t; >>>>>>> +files_config_file(irc_etc_t) >>>>>> >>>>>> Why is this necessary? From what I can tell, irc_t only reads it. >>>>>> Irc_t already can read etc_t files, so this seems unnecessary. >>>>>> >>>>> >>>>> Few arguments here: >>>>> >>>>> 1. possible sensitive data. >>>> >>>> Such as? >>>> >>> >>> For example: "proxy_password = "";" >> >> Perhaps. Though I suspect its actually not that sensitive, and its >> probably easy to get through the app itself. >> >>>>> 2. irc_admin() >>>> >>>> I'm not really compelled by this. I don't think regular apps have >>>> admins. >>> >>> Well this is a system-wide config in /etc/irssi.conf only an (irc) admin >>> can set system-wide overrides. > > I'm still not compelled by the idea of an irc admin. Alright, why not commit what you think is right and drop the rest? > >>>> >>>>> 3. mozilla also has a mozilla_etc_t and also has access to >>>>> files_read_etc_files() afaik. >>>> >>>> If anything, this just tells me that mozilla is wrong too. >>> >>> That may indeed be wrong but i still believe irc_etc_t is the right >>> thing to do for irc_t. >>> >>>>>>> optional_policy(` >>>>>>> + automount_dontaudit_getattr_tmp_dirs(irc_t) >>>>>>> +') >>>>>>> + >>>>>>> +optional_policy(` >>>>>>> nis_use_ypbind(irc_t) >>>>>>> ') >>>>>>> + >>>>>>> +optional_policy(` >>>>>>> + nscd_socket_use(irc_t) >>>>>>> +') >>>>>> >>>>>> These two and the netlink_route socket earlier makes it look like its >>>>>> going towards auth_use_nsswitch(). >>>>>> >>>>> >>>>> Mozilla also has "automount_dontaudit_getattr_tmp_dirs", >>>>> "nscd_socket_use" and "... self:netlink_route_socket >>>>> r_netlink_socket_perms;", but does NOT have auth_use_nsswitch(). >>>> >>>> I mean the nis_use_ypbind(), nscd_socket_use(), and netlink_route_socket >>>> perms. Mozilla does not have nis_use_ypbind(), so it doesn't seem to >>>> need auth_use_nsswitch() yet. Thats not the case here. >> [...] >>> I am not sure here. Like i said before; i do not have a nis nor ldap or >>> nscd configuration. The netlink socket perms are confirmed to be >>> required for irssi, and i can also confirm that irssi atleast searches >>> nscd pid directories. I can only assume it does that to find the >>> nscd.socket. >>> >>> If you are not comfortable with adding auth_use_nsswitch(irc_t), then >>> please add nscd_dontaudit_search_pid() and remove the nscd_socket_use >>> and nis_use_ypbind. >>> >>> For what it is worth: In my personal branch i decided to just add >>> auth_use_nsswitch(irc_t). >> >> I think you misunderstand. I think auth_use_nsswitch(irc_t) _should_ be >> in there. >> > Alright, i cannot confirm nor deny. Why not commit what you think is right? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 261 bytes Desc: OpenPGP digital signature Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100623/0735859b/attachment.bin