From: russell@coker.com.au (Russell Coker)
Date: Wed, 14 Jul 2010 21:48:01 +1000
Subject: [refpolicy] Defining per-service initrc domains
In-Reply-To: <1279054665.28691.227.camel@moss-pluto.epoch.ncsc.mil>
References: <1279054665.28691.227.camel@moss-pluto.epoch.ncsc.mil>
Message-ID: <201007142148.01963.russell@coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Wed, 14 Jul 2010, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> We would like to be able to define a set of per-service initrc domains
> for particular rc scripts.

What is the aim of this?

Do you want to allow different source domains (other than init_t) to run some 
of these init scripts, do you want to prevent a bug in init script A from 
messing with daemon B (through accident or malice), or both?

I guess it's worth noting here that currently initrc_t is not confined in any 
way that really matters.  The privileges associated with mounting filesystems 
and starting udev mean that you can't stop a script running as initrc_t from 
taking over your system.

To what degree are you thinking of breaking down initrc_t?  Just domains for 
starting a few daemons or do you want to have separate domains for all the 
major areas of functionality in booting the system?

Have you considered the possibility of just using labels such as ftpd_exec_t 
for init scripts?  I've done that before...

-- 
russell at coker.com.au
http://etbe.coker.com.au/          My Main Blog
http://doc.coker.com.au/           My Documents Blog