From: nicky726@gmail.com (Nicky726)
Date: Tue, 14 Sep 2010 14:18:42 +0200
Subject: [refpolicy] Policy for Konqueror and KDE v8
In-Reply-To: <1284132209.1749.22.camel@jeremy-ubuntu>
References: <201009011924.20507.Nicky726@gmail.com> <1284132209.1749.22.camel@jeremy-ubuntu>
Message-ID: <201009141418.42992.Nicky726@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hello,

first of all thanx for comments, I have incorporated some of them and have a few questions to others.

On Fri, 10 Sep 2010 17:23:29, Jeremy Solt wrote:
> > interface(`kde_read_home_files',`
> > gen_require(`
> > type kde_home_t;
> > ')
> >
> > allow $1 kde_home_t:file read_file_perms;
> > allow $1 kde_home_t:dir list_dir_perms;
> > userdom_search_user_home_dirs($)
> > ')
>
> You should use read_files_pattern here, unless list is really needed.

Correct me if I am wrong, but as kde_home_t files are inside of (one or even more) kde_home_t directories, the list permission is needed to access them (directory has to be listed first).

> > # Now KDE temp stuff is created with user_tmp_t with more KDE aps
> > confined it'll have the right context. For now grant minimal necessary
> > access to usr temp
> >
> > +userdom_read_user_tmp_files(konqueror_t)
> > +userdom_write_user_tmp_files(konqueror_t)
> > +userdom_manage_user_tmp_sockets(konqueror_t)
>
> kde_tmp_t is declared but not used in kde.te, is this the reason for
> these calls?

Well, I came to the feeling that the way KDE apps access temp is pretty messed up. There are at least two types of temp files: those only one application accesses and those more KDE apps access. None of those has to actually be there and are created by the first application which needs them. I didn't realise the troubles with it when developing Konqueror policy, but now as I try to confine KMail for my diploma paper, I've been quickly hit by them.
If it is Konqueror which creates shared temp files, they are labelled konqueror_tmp_t and KMail cannot access them. As there is no guarantee which application creates those files, I cannot find a way how to classify them in SELinux. The only working solution I came up with is to use only kde_tmp_t type for all confined KDE apps with full rights to it and at least read/write access to user_tmp_t. That just doesn't feel right to me though. And moreover, due to xserver_user_x_domain_template needing an application tmp type, I cannot even ditch the application tmp types. If somebody sees a better way out of it, I'd be glad.

> Are you planning on submitting this for inclusion in refpolicy? If so,
> you may want to take a look at the style guide here:
> http://oss.tresys.com/projects/refpolicy/wiki/StyleGuide

Well, that is definitely my long-term goal to get this policy to refpolicy, if you guys think that it is ready, that is. Thanx to point the Style Guide out.

That's all for now, will send the code later, when it is according to the Style Guide and when I have the recent tmp change more tested.

Ondrej Vadinsky

--
Don't it always seem to go
That you don't know what you've got
Till it's gone

(Joni Mitchell)
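Review bot: in the quoted `kde_read_home_files` interface, the call `userdom_search_user_home_dirs($)` passes a bare `$` rather than the interface argument. It should read `userdom_search_user_home_dirs($1)`, matching the two `allow $1 ...` rules above it, so that the search permission on the user home directories goes to the calling domain.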
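Review bot: the three added calls for `konqueror_t` (`userdom_read_user_tmp_files`, `userdom_write_user_tmp_files`, `userdom_manage_user_tmp_sockets`) are described by the comment above them only as a "for now" grant, with no statement of when they can be removed. The comment should name the condition for dropping them (the comment itself points at KDE temp files getting "the right context"), so that the access to user tmp content is not left in place once that happens. The comment's typos "aps" and "usr temp" should be fixed in the same pass.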