From: jason@perfinion.com (Jason Zaman)
Date: Thu, 14 Apr 2016 02:24:48 +0800
Subject: [refpolicy] fcontexts for XDG_RUNTIME_DIR /run/user
In-Reply-To: <570E7B6F.3070408@tresys.com>
References: <20160411171107.GA1532@meriadoc.perfinion.com> <570D0995.5010500@tresys.com> <20160412170235.GA13053@meriadoc.perfinion.com> <570D3720.8070301@tresys.com> <570E716F.5080908@redhat.com> <570E7B6F.3070408@tresys.com>
Message-ID: <20160413182448.GA8182@meriadoc.perfinion.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Wed, Apr 13, 2016 at 01:01:35PM -0400, Christopher J. PeBenito wrote:
> On 4/13/2016 12:18 PM, Miroslav Grepl wrote:
> > On 04/12/2016 07:57 PM, Christopher J. PeBenito wrote:
> >> On 4/12/2016 1:02 PM, Jason Zaman wrote:
> >>> On Tue, Apr 12, 2016 at 10:43:33AM -0400, Christopher J. PeBenito wrote:
> >>>> On 4/11/2016 1:11 PM, Jason Zaman wrote:
> >>>>> Hi all,
> >>>>>
> >>>>> I submitted patches to add USERID and USERNAME to genhomedircon[1] and
> >>>>> am now trying to fix refpol to work with it.
> >>>>>
> >>>>> What labels do we want for things in /run/user?
> >>>>> Currently refpol has the following which seems pretty weird:
> >>>>> /var/run/user(/.*)? gen_context(system_u:object_r:var_auth_t,s0)
> >>>>> It was originally added from fedora but fedora has since dropped that.
> >>>>>
> >>>>> fedora now has:
> >>>>> /var/run/user(/.*)? gen_context(system_u:object_r:user_tmp_t,s0)
> >>>>>
> >>>>> The problem with that fcontext is that users have write perms towards
> >>>>> user_tmp_t so they would be able to do other things in /run/user/
> >>>>> instead of only within /run/user/%{USERID}/.
> >>>>>
> >>>>> I think we should have some kind of _root_t and _home_t like how things
> >>>>> are for /home and /home/USERNAME
> >>>>
> >>>> This makes sense.
> >>>
> >>> so this?
> >>> /var/run/user system_u:object_r:xdg_runtime_root_t:s0
> >>> /var/run/user/1000 staff_u:object_r:xdg_runtime_home_t:s0
> >>>
> >>> Once the patches get merged into the userspace tools I will start
> >>> preparing patches for this.
> >>>
> >> [...]
> >>>> Which group (if any) specified how /run/user/UID should be used? XDG?
> >>>
> >>> https://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html
> >>>
> >>> I think systemd started it, but ConsoleKit2 supports it too and it is
> >>> officially a freedesktop/XDG spec.
> >>
> >> I think it makes more sense for these not to be XDG-named types, since
> >> XDG isn't the only one that uses it. Perhaps something like
> >> user_runtime_root_t and user_runtime_t, or maybe user_runtime_t and
> >> user_tmp_t (I'm open to other suggestions).
> >>
> >
> > Ok, this is again https://github.com/systemd/systemd/issues/257.
>
> I don't see how this is related. This isn't about systemd's behavior,
> but simply choosing what are the correct .fc entries for this directory
> structure.

Yeah systemd looks up the fcontext from the policy. The reason for this
patch and the genhomedircon patches is so that we actually have a way to
label these subdirs correctly in the policy in the first place. Once this
is merged in systemd can be corrected if it needs to be. I am part way
through fixing up ConsoleKit2 to do the same thing.

-- 
Jason
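The labeling difference the thread argues about, worked through as an added example (not code from the thread, refpolicy or libselinux): a simplified model of file_contexts matching, in which each regex is anchored to the whole path and the last matching entry in the (specificity-sorted) file wins, applied to the Fedora `user_tmp_t` entry quoted above and to the proposed root/home split. The template form `/var/run/user/%{USERID}(/.*)?` with a `%{USER}` prefix in the context, the user record for uid 1000, and the sample paths are all constructed here; the `%{USERID}` token is the one Jason's genhomedircon patches are described as adding, but how refpolicy would write the per-user entry is an assumption.

```python
import re

# Constructed for this example: the Fedora entry quoted in the thread, in
# its expanded (non-gen_context) form.
FEDORA_FC = [
    ("/var/run/user(/.*)?", "system_u:object_r:user_tmp_t:s0"),
]

# Constructed for this example: the proposed root/home split written as a
# genhomedircon template. The %{USERID}/%{USER} form is an assumption about
# how such an entry would be written, not refpolicy's actual syntax.
PROPOSED_FC_TEMPLATE = [
    ("/var/run/user", "system_u:object_r:xdg_runtime_root_t:s0"),
    ("/var/run/user/%{USERID}(/.*)?", "%{USER}:object_r:xdg_runtime_home_t:s0"),
]

# Constructed user record mirroring the "1000 / staff_u" example in the thread.
USERS = [{"USER": "staff_u", "USERID": "1000", "USERNAME": "alice"}]


def expand_template(template, users):
    """Expand %{TOKEN} placeholders, emitting one copy of a templated line
    per user. Lines without placeholders are emitted once, unchanged.
    Values substituted into the regex side are escaped so a literal uid or
    name cannot become a regex metacharacter."""
    expanded = []
    for regex, context in template:
        if "%{" not in regex and "%{" not in context:
            expanded.append((regex, context))
            continue
        for user in users:
            r, c = regex, context
            for token, value in user.items():
                r = r.replace("%{" + token + "}", re.escape(value))
                c = c.replace("%{" + token + "}", value)
            expanded.append((r, c))
    return expanded


def lookup(entries, path):
    """Simplified model of libselinux file_contexts lookup: the regex must
    match the whole path, and when several entries match, the last one in
    the file wins. Returns None when no entry matches."""
    winner = None
    for regex, context in entries:
        if re.fullmatch(regex, path):
            winner = context
    return winner


def compare(paths):
    """Label each path under both schemes; returns {path: (fedora, proposed)}."""
    proposed = expand_template(PROPOSED_FC_TEMPLATE, USERS)
    return {p: (lookup(FEDORA_FC, p), lookup(proposed, p)) for p in paths}


if __name__ == "__main__":
    sample = ["/var/run/user", "/var/run/user/1000",
              "/var/run/user/1000/pulse/native", "/var/run/user/1001/x"]
    for path, (old, new) in compare(sample).items():
        print(f"{path:34} fedora={old}  proposed={new}")
```

Under the Fedora entry every path, the `/var/run/user` directory included, collapses to `user_tmp_t`, which is exactly the "users can do other things in /run/user/" concern. With the split, the root directory gets its own type while only the known uid's subtree gets the home type carrying that user's SELinux user; a uid with no generated entry (1001 above) matches nothing, so a real policy would still need a default for unlisted users.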