From: dominick.grift@gmail.com (Dominick Grift)
Date: Fri, 23 Sep 2011 17:04:28 +0200
Subject: [refpolicy] RFC: secure_mode_policyload revision
In-Reply-To: <4E7C96DF.4000007@tresys.com>
References: <4E7C96DF.4000007@tresys.com>
Message-ID: <1316790268.1931.36.camel@x220.mydomain.internal>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Fri, 2011-09-23 at 10:25 -0400, Christopher J. PeBenito wrote:
> Right now, secure_mode_policyload disables policy loading and Boolean changing.  The latter is to prevent secure_mode_policyload from being turned off.  I was thinking that secure_mode_policyload could be revised by labeling this Boolean, and then only removing access to it when secure_mode_policyload is enabled, so Booleans can still be toggled, except for secure_mode_policyload.  Thoughts?
> 

My thoughts on this are:

Does boolean toggling not involve a policyload? ( I am too lazy to add a
auditallow rule, but i gather you took that into account so must not be
the case or policyload must actually not refer to load_policy permission
) 

> Sep 23 16:58:10 x220 dbus[1511]: avc:  received policyload notice (seqno=2)
> Sep 23 16:58:10 x220 dbus[1138]: avc:  received policyload notice (seqno=2)
> Sep 23 16:58:10 x220 dbus-daemon[1138]: dbus[1138]: avc:  received policyload notice (seqno=2)
> Sep 23 16:58:10 x220 dbus[1138]: [system] Reloaded configuration
> Sep 23 16:58:10 x220 dbus-daemon[1138]: dbus[1138]: [system] Reloaded configuration
> Sep 23 16:58:10 x220 setsebool: The xend_run_qemu policy boolean was changed to on by root

Besides that i think:

> ## <desc>
> ##	<p>
> ##	Make the specified type used for labeling SELinux Booleans.
> ##	</p>
> ##	<p>
> ##	This makes use of genfscon statements, which are only
> ##	available in the base module.  Thus any module which calls this
> ##	interface must be included in the base module.
> ##	</p>
> ## </desc>

No big deal in this case because selinux module is in base already.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20110923/cc53af8f/attachment.bin