From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Tue, 3 Jul 2012 17:20:29 +0200
Subject: [refpolicy] pptp_t vs pppd_t
In-Reply-To: <4FF2D4EE.6050805@redhat.com>
References: <201207031543.56296.russell@coker.com.au>
	<4FF2D4EE.6050805@redhat.com>
Message-ID: <20120703152029.GA22891@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, Jul 03, 2012 at 07:18:06AM -0400, Daniel J Walsh wrote:
> I am always for merging domains together.  I think we have far too many
> domains that basically have the security domain and just add complexity.
> Fedora consolidated all of the "spam" domains also.
> 
> I really believe we should consolidate the mail domains.  mail_t instead of
> sendmail_t, postfix_t, qmail_t, dovecot_t, courier_t ...

I disagree here. I'm not opposed to supporting consolidated domains, but I'd
rather support both. The policy language (refpolicy, that is) is flexible
enough to manage a mail domain that supports both a generic mail domain
as well as derived domains that inherit stuff from the mail domain (through
the use of a mail_domain_template).

My idea here is to have such generic domain modules, each with one, perhaps
two templates that allow policy developers to make more fine-grained
policies. The generic domain module (here "mailserver") would support generic
domains (like using mailserver_exec_t to transition to mailserver_t), but
also templates to either support a very strict set of privileges
("mailserver_strict_domain_template") or a more broader one
("mailserver_domain_template").

The broader one would probably be used for the "mailserver_t" domain, and
perhaps other multi-functional domains, whereas policy developers that want
a more strict approach use the mailserver_strict_domain_template to prepare
their domain (say sendmail_t) with those privileges that are common across
all mail servers, but nothing more.

The privileges you want to put in the mail domains would then be part of the
mailserver_domain_template. A subset of those privileges can be brought to
mailserver_strict_domain_template (like the corenet stuff for smtp ports). 

That way, you can opt for the broader implementation, whereas others can use
a more strict configuration set.

Wkr,
	Sven Vermeulen