From: guido@trentalancia.com (Guido Trentalancia)
Date: Wed, 05 Sep 2012 10:41:52 +0200
Subject: [refpolicy] [PATCH 2/3] user access to DOS files
In-Reply-To: <1346828428.15262.53.camel@d30.localdomain>
References: <1346793669-26282-1-git-send-email-bigon@debian.org>
<1346793669-26282-2-git-send-email-bigon@debian.org>
<5046927D.8010809@trentalancia.com>
<1346828428.15262.53.camel@d30.localdomain>
Message-ID: <50471050.5060502@trentalancia.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 05/09/2012 09:00, Dominick Grift wrote:
>
>
> On Wed, 2012-09-05 at 01:45 +0200, Guido Trentalancia wrote:
>> On 04/09/2012 23:21, Laurent Bigonville wrote:
>>> From: Mika Pflüger
>>>
>>> Add a new boolean to grant users access to dosfs_t.
>>> ---
>>> policy/global_tunables | 7 +++++++
>>> policy/modules/system/userdomain.if | 6 ++++++
>>> 2 files changed, 13 insertions(+)
>>>
>>> diff --git a/policy/global_tunables b/policy/global_tunables
>>> index 4705ab6..43cc19a 100644
>>> --- a/policy/global_tunables
>>> +++ b/policy/global_tunables
>>> @@ -111,3 +111,10 @@ gen_tunable(use_samba_home_dirs,false)
>>> ##
>>> ##
>>> gen_tunable(user_tcp_server,false)
>>> +
>>> +##
>>> +##
>>> +## Allow users to manage files on dosfs_t devices, usually removable media
>>> +##
>>> +##
>>> +gen_tunable(user_manage_dos_files,true)
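Review bot: The new tunable is declared with a default of true in gen_tunable(user_manage_dos_files,true), while both tunables visible in the surrounding context (use_samba_home_dirs and user_tcp_server) default to false. The description itself says dosfs_t is usually removable media, so consider declaring it as false and letting administrators turn on manage access to removable media explicitly.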
>>
>> In my opinion it is good to have this as an option, but in a secure
>> environment the default should be false for removable media.
>
> I would prefer the boolean to be prefixed userdom or userdomain instead
> of user, because that is the module that declares this boolean.
>
> Since the user is also allowed to manage dos dirs I would probably call
> it: userdomain_manage_dos_content
>
> As description I would use:
>
> "Determine whether users can manage dosfs content."

I agree. And, in particular, it's not "dos files", which can be confusing,
but dos filesystems, which is already perfected in Dominick's amendments.

>>> diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
>>> index e720dcd..0c96b65 100644
>>> --- a/policy/modules/system/userdomain.if
>>> +++ b/policy/modules/system/userdomain.if
>>> @@ -117,6 +117,12 @@ template(`userdom_base_user_template',`
>>> # Allow making the stack executable via mprotect.
>>> allow $1_t self:process execstack;
>>> ')
>>> +
>>> + tunable_policy(`user_manage_dos_files',`
>>> + fs_manage_dos_dirs($1_t)
>>> + fs_manage_dos_files($1_t)
>>> + ')
>>> +
>>> ')
>>>
>>> #######################################
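Review bot: The tunable_policy block is placed inside userdom_base_user_template, so with the boolean on, every $1_t built from the base template receives both fs_manage_dos_dirs($1_t) and fs_manage_dos_files($1_t). If that breadth is intended, give the block a one-line comment as the execstack rule just above it has, and rename the boolean so it does not say "files" when directories are covered too (userdomain_manage_dos_content was proposed in this thread).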