From: guido@trentalancia.net (Guido Trentalancia)
Date: Tue, 29 Nov 2016 12:30:23 +0100
Subject: [refpolicy] [PATCH] Apache OpenOffice module
In-Reply-To:
References: <1480113700.5692.4.camel@trentalancia.net>
Message-ID: <1480419023.3098.10.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hello Christopher.

On Mon, 28/11/2016 at 20.48 -0500, Chris PeBenito via refpolicy wrote:
> On 11/26/16 08:53, Dominick Grift via refpolicy wrote:
> >
> > On 11/25/2016 11:41 PM, Guido Trentalancia via refpolicy wrote:
> > >
> > > This is a minimal patch that I am testing to support Apache
> > > OpenOffice with its own module.
> > >
> > > The file contexts (and initial tests) are based on the default
> > > installation path for version 4 of the office suite.
> > >
> > > Signed-off-by: Guido Trentalancia
> > > ---
> [...]
> >
> >
> > I am personally of the opinion that this module probably will not
> > cut it in the end. Basically because it's too limited, especially
> > considering that it uses dbus.
>
> I'm unclear what the purpose of this policy is. Users aren't going to
> expect this kind of limitation. They should be able to edit whatever
> their user domain has access to, i.e. the same reason vim doesn't have a
> policy.

The module aims to confine Apache OpenOffice so that it runs in its own domain with the least privilege instead of running in the user domain with a large set of unneeded permissions which can create vulnerabilities, for example, if a malicious version of the application is installed.

When using the "openoffice" module that I propose (if you give it a try on a test system, for example), the user can manage files in his/her own home directory and perform most, if not all, operations currently supported by the OpenOffice suite of applications.
Other applications that are not currently confined (such as vim that you mentioned) can be confined at a later time to achieve an increased overall level of security (reduced attack surface, i.e. fewer security risks / decreased probability of a successful attack).

Regards,

Guido