From: jason@perfinion.com (Jason Zaman)
Date: Tue, 12 Apr 2016 01:11:07 +0800
Subject: [refpolicy] fcontexts for XDG_RUNTIME_DIR /run/user
Message-ID: <20160411171107.GA1532@meriadoc.perfinion.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hi all,

I submitted patches to add USERID and USERNAME to genhomedircon [1] and am now trying to fix refpol to work with it.

What labels do we want for things in /run/user? Currently refpol has the following, which seems pretty weird:

/var/run/user(/.*)? gen_context(system_u:object_r:var_auth_t,s0)

It was originally added from Fedora, but Fedora has since dropped that. Fedora now has:

/var/run/user(/.*)? gen_context(system_u:object_r:user_tmp_t,s0)

The problem with that fcontext is that users have write perms towards user_tmp_t, so they would be able to do other things in /run/user/ instead of only within /run/user/%{USERID}/.

I think we should have some kind of _root_t and _home_t, like how things are for /home and /home/USERNAME.

In Gentoo we have an xdg module which adds xdg_runtime_home_t, which we have for the user's dir. I was thinking to add an xdg_runtime_dir_t or _root_t. Then things would get search perms towards that root dir and get normal write perms within the actual runtime dir. Only logind/consolekit would need to manage xdg_runtime_dir_t.

If we send (parts of?) the xdg module upstream from Gentoo, would it be accepted? And if not, I want to at least fix the label for /run/user/ (xdg_runtime_dir_t or whatever is decided) in refpol, and then I can carry the xdg_runtime_home_t part in Gentoo only.

Regards,
Jason

[1]: https://marc.info/?l=selinux&m=146013183309131&w=2
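The root/home split proposed above, written out as an added illustrative policy fragment (fc, te and if pieces in one listing); this is not the Gentoo xdg module or anything from refpolicy, and the interface names xdg_search_runtime_dir, xdg_manage_runtime_home and xdg_manage_runtime_dir are assumed for the example. It uses standard refpolicy support macros (files_pid_file, files_search_pids, manage_*_pattern, filetrans_pattern) so that users only get search on /var/run/user itself, full access only inside their own runtime dir, and only the session manager domain can create entries under the root.

```m4
########## xdg.fc (example; the per-user entry is the part that would
########## move to a genhomedircon template using %{USERID})
/var/run/user		-d	gen_context(system_u:object_r:xdg_runtime_dir_t,s0)
/var/run/user/[^/]+(/.*)?	gen_context(system_u:object_r:xdg_runtime_home_t,s0)

########## xdg.te (example module, names assumed)
policy_module(xdg_example, 1.0.0)

# Root of the runtime dirs (/var/run/user): users may only search it,
# only logind/consolekit may create or remove entries in it.
type xdg_runtime_dir_t;
files_pid_file(xdg_runtime_dir_t)

# The per-user runtime dir (/var/run/user/UID) and its contents.
type xdg_runtime_home_t;
files_pid_file(xdg_runtime_home_t)

########## xdg.if (example interfaces, names assumed)
## Let a domain traverse /var/run/user without writing to it.
interface(`xdg_search_runtime_dir',`
	gen_require(`
		type xdg_runtime_dir_t;
	')
	files_search_pids($1)
	allow $1 xdg_runtime_dir_t:dir search_dir_perms;
')

## Give a user domain full access inside the runtime dir only:
## search on the root, manage on the per-user content type.
interface(`xdg_manage_runtime_home',`
	gen_require(`
		type xdg_runtime_dir_t, xdg_runtime_home_t;
	')
	xdg_search_runtime_dir($1)
	manage_dirs_pattern($1, xdg_runtime_home_t, xdg_runtime_home_t)
	manage_files_pattern($1, xdg_runtime_home_t, xdg_runtime_home_t)
	manage_lnk_files_pattern($1, xdg_runtime_home_t, xdg_runtime_home_t)
	manage_fifo_files_pattern($1, xdg_runtime_home_t, xdg_runtime_home_t)
	manage_sock_files_pattern($1, xdg_runtime_home_t, xdg_runtime_home_t)
')

## For the session manager only: manage the root and have new
## per-user dirs created under it land on xdg_runtime_home_t.
interface(`xdg_manage_runtime_dir',`
	gen_require(`
		type xdg_runtime_dir_t, xdg_runtime_home_t;
	')
	files_search_pids($1)
	manage_dirs_pattern($1, xdg_runtime_dir_t, xdg_runtime_dir_t)
	filetrans_pattern($1, xdg_runtime_dir_t, xdg_runtime_home_t, dir)
')
```

A user domain that is given only xdg_manage_runtime_home cannot create files or directories directly in /var/run/user, which is the gap the user_tmp_t labelling leaves open.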