From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Tue, 23 Dec 2014 18:14:48 +0100
Subject: [refpolicy] What is security_file_type and auth_file_type?
In-Reply-To: <5498296E.1040506@redhat.com>
References: <20141221101128.GA2409@siphos.be>
 <5498296E.1040506@redhat.com>
Message-ID: <20141223171448.GA8230@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, Dec 22, 2014 at 09:23:42AM -0500, Daniel J Walsh wrote:
> I see security_file_type as being the type associated with types that
> should not be READ, not written.
> /etc/shadow and friends. 
> 
>  seinfo -asecurity_file_type  -x
>    security_file_type
>       selinux_config_t
>       default_context_t
>       dnssec_t
>       shadow_t
>       krb5_keytab_t
>       selinux_login_config_t
>       file_context_t
>       audit_spool_t
>       semanage_store_t
>       auditd_etc_t
>       auditd_log_t
>       random_seed_t
> 
> Although a couple of these (selinux config types) should probably not be
> included.  

So things like private keys and passwords (or password containing files) I
can understand. Why would auditd related files be considered to be "not
readable"? What leaks/problems do you see with access to those files that
are so severe?

Wkr,
	Sven Vermeulen

PS At least you can still query which types have security_file_type set.
   With the 2.4 userspace if the attribute is not directly used in rules,
   then it is no longer part of the policy:

   ~# seinfo -asecurity_file_type -x
   ERROR: Provided attribute (security_file_type) is not a valid attribute
   name.

   This is because the security_file_type is used for /excluding/ those
   types from rules (like "{ file_type -security_file_type }").