From: sds@tycho.nsa.gov (Stephen Smalley) Date: Mon, 3 Aug 2015 11:55:03 -0400 Subject: [refpolicy] kdbus support In-Reply-To: <55BF8E4C.9010706@redhat.com> References: <55BF5F1B.1010002@redhat.com> <55BF6C54.9070806@tycho.nsa.gov> <55BF7BA8.8000905@redhat.com> <55BF8B58.7000100@tycho.nsa.gov> <55BF8E4C.9010706@redhat.com> Message-ID: <55BF8ED7.1000402@tycho.nsa.gov> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 08/03/2015 11:52 AM, Daniel J Walsh wrote: > > > On 08/03/2015 11:40 AM, Stephen Smalley wrote: >> On 08/03/2015 10:33 AM, Daniel J Walsh wrote: >>> >>> On 08/03/2015 09:27 AM, Stephen Smalley wrote: >>>> On 08/03/2015 08:31 AM, Miroslav Grepl wrote: >>>>> I am working on kdbus support on Fedora 24. Basically we need to add >>>>> support for >>>>> >>>>> /sys/fs/kdbus >>>>> >>>>> and I am thinking about correct labeling. Something like >>>>> >>>>> +type kdbusfs_t; >>>>> +fs_type(kdbusfs_t) >>>>> +files_mountpoint(kdbusfs_t) >>>>> +dev_associate_sysfs(kdbusfs_t) >>>>> +genfscon kdbusfs / gen_context(system_u:object_r:kdbusfs_t,s0) >>>>> >>>>> What do you think about kdbusfs_t label? >>>> Until kdbus has LSM hooks, it should not be accessible by anything. >>>> Otherwise, it is a completely uncontrolled IPC mechanism by which >>>> anything is free to violate policy on the system. >>>> >>>> >>>> _______________________________________________ >>>> refpolicy mailing list >>>> refpolicy at oss.tresys.com >>>> http://oss.tresys.com/mailman/listinfo/refpolicy >>> Well Rawhide is totally broken right now, and everyone has to boot in >>> permissive mode. >>> >>> We need to allow this for now and then fix the kernel. >>> >> Is it unreasonable to require Fedora developers to test with SELinux >> enforcing before submitting changes? Especially systemd... >> > I am sure the developers would argue that the whole process would ground > to a halt. Seems problematic otherwise, as 1) it shifts the blame for breakage to SELinux rather than to the offending change, and 2) it teaches developers and users of rawhide to just always disable SELinux to avoid such breakage, which only further reinforces the problem. And then fixing such issues falls entirely on you and never on the developer who made the change. Certainly seems problematic that the maintainer of a such a critical package as systemd runs with SELinux disabled...