From: guido@trentalancia.net (Guido Trentalancia)
Date: Tue, 30 Aug 2016 21:23:01 +0200
Subject: [refpolicy] [PATCH v4] Update for the gnome policy and file
 contexts
In-Reply-To: <fc5ee4b5-fc19-a753-5b95-0f8a3d83d122@ieee.org>
References: <1471099545.21480.27.camel@trentalancia.net>
	<1471296811.28802.0.camel@trentalancia.net>
	<1471704772.17584.9.camel@trentalancia.net>
	<1471894798.19333.1.camel@trentalancia.net>
	<e24eaac7-5277-23b5-f5db-d1a286920a9b@ieee.org>
	<1471956294.17467.4.camel@trentalancia.net>
	<d4e37b0e-79de-eee1-fa40-7888b5802591@ieee.org>
	<1472075733.19800.4.camel@trentalancia.net>
	<cb9a9019-2e69-dde1-e3cb-aa4382f3f589@ieee.org>
	<1472317696.28955.1.camel@trentalancia.net>
	<c49f1270-caa7-7e41-60dc-66ce0fe44e3c@gmail.com>
	<1472318213.31962.2.camel@trentalancia.net>
	<d5ad4d2b-f29f-1e45-84a1-a69dedd428f4@gmail.com>
	<1472330498.25935.7.camel@trentalancia.net>
	<fd0e9bd4-f385-081b-36b5-ccf0c55cfa5c@gmail.com>
	<1472334513.25935.16.camel@trentalancia.net>
	<6b1697f1-2aaf-3727-5b69-8794a0f85530@gmail.com>
	<aef29033-a90d-f964-c23e-bb71bbae9154@gmail.com>
	<7EAFAD82-CDDA-47E3-950E-4D5610686C6C@trentalancia.net>
	<fc5ee4b5-fc19-a753-5b95-0f8a3d83d122@ieee.org>
Message-ID: <1472584981.15862.15.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hello Christopher.

On Sun, 28/08/2016 at 14.40 -0400, Chris PeBenito wrote:
> On 08/28/16 11:37, Guido Trentalancia via refpolicy wrote:
> > 
> > Things are very far from working naturally as they are.
> > 
> > On the other hand, the patches are surely far from being complete
> > or stable yet, but at least every version allows to start the Gnome
> > desktop.
> > 
> > Now I met this major problem, it looks by all means a limitation of
> > the existing framework, but I am sure that it will be sorted out...
> > 
> > I am also waiting to hear from Christopher about this.
> 
> The way I see it is that general purpose desktops are incredibly?
> complicated and are not designed with security in mind.??I wonder if
> the?
> policy complexity needed to confine it all actually buys a
> proportional?
> amount of security gains.??I'm not saying it shouldn't be done, but I
> am?
> skeptical that it is worth it.

Apart from confining the whole desktop, what I recently proposed to
Dominick for further evaluation is as follows:

- we patch the libsepol code so that it creates all the conflicting
type rules instead of aborting;
- we also patch the policy enforcing code, so that when it needs to
enforce one of such conflicting type rules, it first searches for
duplicates and then it enforces the one that matches the calling
context.

Do you think the above is feasible (in particular, "matching the
calling context") ?

Best regards,

Guido