From: russell@coker.com.au (Russell Coker)
Date: Wed, 19 Oct 2016 16:40:59 +1100
Subject: [refpolicy] Confining services without confining users
In-Reply-To: <a3c46527-877e-545f-a257-3126c2521617@ieee.org>
References: <67130EC7AFA3FE4E9290B03665B351F4056B05@SE-EX022.groupinfra.com>
	<a3c46527-877e-545f-a257-3126c2521617@ieee.org>
Message-ID: <4575498.XAtSL3l79j@russell.coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Monday, 17 October 2016 9:05:25 PM AEDT Chris PeBenito via refpolicy wrote:
> If you leave your users unconfined, then you're saying that you 
> completely trust your users (from the SELinux perspective) and only want 
> to rely on Linux DAC protections.  The problem with this amount of trust 
> is that many users run web browsers or other network clients that may 
> not be so trustworthy, which is why web browsers typically have some 
> confinement and also why tools like sandbox exist.

The problem we have is that in typical usage of a desktop computing 
environment a web browser reads and writes so many files that most sysadmins 
won't accept a policy that restricts the browser from accessing most files in 
the user's home directory.  When a web browser can write to ~/.bashrc and 
similar files there are no meaningful restrictions on what it can do to the 
user's session.

It would be good if tools like sandbox were used more.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/