From: guido@trentalancia.com (Guido Trentalancia)
Date: Wed, 05 Sep 2012 10:41:52 +0200
Subject: [refpolicy] [PATCH 2/3] user access to DOS files
In-Reply-To: <1346828428.15262.53.camel@d30.localdomain>
References: <1346793669-26282-1-git-send-email-bigon@debian.org>
	<1346793669-26282-2-git-send-email-bigon@debian.org>
	<5046927D.8010809@trentalancia.com>
	<1346828428.15262.53.camel@d30.localdomain>
Message-ID: <50471050.5060502@trentalancia.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 05/09/2012 09:00, Dominick Grift wrote:
>
>
> On Wed, 2012-09-05 at 01:45 +0200, Guido Trentalancia wrote:
>> On 04/09/2012 23:21, Laurent Bigonville wrote:
>>> From: Mika Pfl?ger <debian@mikapflueger.de>
>>>
>>> Add a new boolean to grant users access to dosfs_t.
>>> ---
>>>    policy/global_tunables              |    7 +++++++
>>>    policy/modules/system/userdomain.if |    6 ++++++
>>>    2 files changed, 13 insertions(+)
>>>
>>> diff --git a/policy/global_tunables b/policy/global_tunables
>>> index 4705ab6..43cc19a 100644
>>> --- a/policy/global_tunables
>>> +++ b/policy/global_tunables
>>> @@ -111,3 +111,10 @@ gen_tunable(use_samba_home_dirs,false)
>>>    ## </p>
>>>    ## </desc>
>>>    gen_tunable(user_tcp_server,false)
>>> +
>>> +## <desc>
>>> +## <p>
>>> +## Allow users to manage files on dosfs_t devices, usually removable media
>>> +## </p>
>>> +## </desc>
>>> +gen_tunable(user_manage_dos_files,true)
>>
>> In my opinion is good to have this as on option, but in a secure
>> environment the default should be false for removable media.
>
> i would prefer the boolean to be fprefix userdom or userdomain instead
> of user, because that it the module that declares this boolean.
>
> Since the user is also allowed to manage dos dirs i would probably call
> it: userdomain_manage_dos_content
>
> as description i would use:
>
> "Determine whether users can manage dosfs content."

I agree. And, in particular it's not "dos files" which can be confusing, 
but dos filesystems which is already perfectioned in Dominick's amendments.

>>> diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
>>> index e720dcd..0c96b65 100644
>>> --- a/policy/modules/system/userdomain.if
>>> +++ b/policy/modules/system/userdomain.if
>>> @@ -117,6 +117,12 @@ template(`userdom_base_user_template',`
>>>    		# Allow making the stack executable via mprotect.
>>>    		allow $1_t self:process execstack;
>>>    	')
>>> +
>>> +	tunable_policy(`user_manage_dos_files',`
>>> +		fs_manage_dos_dirs($1_t)
>>> +		fs_manage_dos_files($1_t)
>>> +	')
>>> +
>>>    ')
>>>
>>>    #######################################