From: russell@coker.com.au (Russell Coker)
Date: Wed, 14 Jul 2010 21:48:01 +1000
Subject: [refpolicy] Defining per-service initrc domains
In-Reply-To: <1279054665.28691.227.camel@moss-pluto.epoch.ncsc.mil>
References: <1279054665.28691.227.camel@moss-pluto.epoch.ncsc.mil>
Message-ID: <201007142148.01963.russell@coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Wed, 14 Jul 2010, Stephen Smalley wrote:
> We would like to be able to define a set of per-service initrc domains
> for particular rc scripts.

What is the aim of this? Do you want to allow different source domains (other than init_t) to run some of these init scripts, do you want to prevent a bug in init script A from messing with daemon B (through accident or malice), or both?

I guess it's worth noting here that currently initrc_t is not confined in any way that really matters. The privileges associated with mounting filesystems and starting udev mean that you can't stop a script running as initrc_t from taking over your system.

To what degree are you thinking of breaking down initrc_t? Just domains for starting a few daemons, or do you want to have separate domains for all the major areas of functionality in booting the system?

Have you considered the possibility of just using labels such as ftpd_exec_t for init scripts? I've done that before...

-- 
russell at coker.com.au
http://etbe.coker.com.au/    My Main Blog
http://doc.coker.com.au/     My Documents Blog