From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Thu, 6 Feb 2014 18:43:34 +0100
Subject: [refpolicy] I would like to suggest that we remove the tmpfs_t
 and type alias them to tmp_t.
In-Reply-To: <52F3AF38.7050708@redhat.com>
References: <52F36FC1.4020001@redhat.com> <52F39365.4020505@tresys.com>
	<52F3AF38.7050708@redhat.com>
Message-ID: <CAPzO=NxsMdi8_Tv7ya5LH98J6V7C8m-VHT+Szu1pmGOJho6+QA@mail.gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Isn't one of the problems with tmpfs_t that it is not explicit enough? Some
of the tmpfs_t grants can/are due to other tmpfs mounts. Using a shm_t at
least tells people what it is for.
On Feb 6, 2014 5:38 PM, "Daniel J Walsh" <dwalsh@redhat.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 02/06/2014 02:51 PM, Christopher J. PeBenito wrote:
> > On 02/06/14 06:19, Daniel J Walsh wrote:
> >> - From a security point of view, treating this differently has little
> >> value in my mind.  I believe policy writers just write both rules in
> >> place.  I guess you could argue that combining them together would allow
> >> a domain to write to /dev/shm /tmp and /var/tmp and currently you could
> >> only write to one.
> >>
> >> What do people think about this?
> >
> > I don't think I have any objections, though I'm eager to hear opinions.
> > However, I think we should probably still keep /dev/shm separate.
> >
> Well the goal is to prevent code like the following:
>
> manage_dirs_pattern(aisexec_t, aisexec_tmp_t, aisexec_tmp_t)
> manage_files_pattern(aisexec_t, aisexec_tmp_t, aisexec_tmp_t)
> files_tmp_filetrans(aisexec_t, aisexec_tmp_t, { dir file })
>
> manage_dirs_pattern(aisexec_t, aisexec_tmpfs_t, aisexec_tmpfs_t)
> manage_files_pattern(aisexec_t, aisexec_tmpfs_t, aisexec_tmpfs_t)
> fs_tmpfs_filetrans(aisexec_t, aisexec_tmpfs_t, { dir file })
>
> We have this policy written everywhere.  Having /dev/shm labeled
> differently
> then /tmp means we still need to have this, which kills the idea.
>
> I would like to know what the security difference is between writing
> content
> to /dev/shm and /tmp?  Does anyone actually do anything when getting an AVC
> with a domain writing to /dev/shm other then allow the domain to write
> there?
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAlLzrzgACgkQrlYvE4MpobMhWgCcCB6ovrsQfXq0fe/pdsZfCWH9
> pcIAoIuipe2CH9bxC6yXBTHW3Eruwr7V
> =o6Sg
> -----END PGP SIGNATURE-----
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20140206/85641644/attachment.html