From: dwalsh@redhat.com (Daniel J Walsh) Date: Mon, 15 Oct 2012 10:06:05 -0400 Subject: [refpolicy] [PATCH] Label ~/\.adobe(/.*)? as mozilla_home_t for flash In-Reply-To: References: <1350244316-11712-1-git-send-email-debian@mikapflueger.de> <1350245855.9829.8.camel@d30.localdomain> <1350246825.9829.11.camel@d30.localdomain> <1350247483.9829.19.camel@d30.localdomain> Message-ID: <507C184D.6000405@redhat.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/15/2012 05:43 AM, Sven Vermeulen wrote: > In gentoo i am using flash_home_t as there are even non-browser apps using > flash. And i don't trust flash. > > On Oct 14, 2012 10:44 PM, "Dominick Grift" > wrote: > > > > On Sun, 2012-10-14 at 22:33 +0200, Dominick Grift wrote: >> >> On Sun, 2012-10-14 at 22:17 +0200, Dominick Grift wrote: >>> I actually revisited the mozilla plugin and i am thinking about how to >>> deal with plugins like flash and their userdom user home content. >>> >>> I am not yet sure if mozilla_home_t is the optimal type for this and >>> if it is worth having a private type for it >>> >>> mozilla home type of files are sensitive in a sense. consider your >>> password stored in mozilla etc. >>> >>> i am not sure whether flash home content justifies having a private >>> type and if so if it is a good idea to label it mozilla home t >>> >>> if we label it mozilla home t and some app needs access to flash then >>> it automatically has access to mozilla content and i am not sure if >>> this is desired >>> >>> We now have the named file transition functionality so we can allow >>> mozila access to generic user home content without problem and still >>> have its sensitive content protected with the mozilla home type >>> >>> I would like the opinion of others on this issue >>> >>> it is worth to label flash content in home? and if so what would be a >>> better idea: 1. to classify it mozilla home content or classify it >>> something else? >> >> also consider the following one has two browsers for example firefox and >> chromium, both use flash and both have their content in home with their >> own private type >> >> the flash content in home is labeled as per your suggestion >> mozilla_home_t, now chromium needs access to mozilla_home_t and as a >> consequence can now also edit mozilla content >> >> this seems like a bad idea to me > > What people need to understand is that now that we have named file > transitions the whole selinux in the desktop enviroment issue has changed > > Previously we desperately tried to avoid confined user agents to generic > home content. This was because we had little fexibility with file type > transitions in /home > > This caused issues that basically made us lose focus in the core issues > > protect what needs to be protected without losing functionality if > possible > > Now we need to go back to focus on what is important. > > A browser can have access and create generic user content. Thats ok. Aslong > as content worth protecting gets a private type. > > And aslong as confined agents only get the access they need > > And that is now possible. > > now we can confine the user space in a proper way without pissing of users > (or at least pissing them off more than strictly required) > > protect what makes sense to protect and leave anything else generic > >>> On Sun, 2012-10-14 at 21:51 +0200, Mika Pfl?ger wrote: >>>> From: Russel Coker >>> > >>>> >>>> --- mozilla.fc | 1 + 1 file changed, 1 insertion(+) >>>> >>>> diff --git a/mozilla.fc b/mozilla.fc index 3a73e74..271928b 100644 >>>> --- a/mozilla.fc +++ b/mozilla.fc @@ -1,3 +1,4 @@ >>>> +HOME_DIR/\.adobe(/.*)? > gen_context(system_u:object_r:mozilla_home_t,s0) >>>> HOME_DIR/\.config/chromium(/.*)? > gen_context(system_u:object_r:mozilla_home_t,s0) >>>> HOME_DIR/\.galeon(/.*)? > gen_context(system_u:object_r:mozilla_home_t,s0) >>>> HOME_DIR/\.java(/.*)? > gen_context(system_u:object_r:mozilla_home_t,s0) >>> >>> >> >> > > > _______________________________________________ refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy > > > > _______________________________________________ refpolicy mailing list > refpolicy at oss.tresys.com http://oss.tresys.com/mailman/listinfo/refpolicy > I agree we should start to be moving to more types in homedir for better separation. I would love to try to remove mozilla_plugin_t from full access to mozilla_home_t also. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlB8GEwACgkQrlYvE4MpobPQnACgljfX88IB3zL8Ty+0S5DsLxMl n3wAnjOhEyzEQlRb7VSKZJZLnL7rQtl7 =BuXw -----END PGP SIGNATURE-----