From: dac.override@gmail.com (Dominick Grift)
Date: Tue, 5 Dec 2017 14:33:04 +0100
Subject: [refpolicy] [PATCH 1/1] Allow systemd_logind to manage xdm_tmp_t files
In-Reply-To:
References: <20171205080134.GA19951@julius.enp8s0.d30>
Message-ID: <20171205133304.GG19951@julius.enp8s0.d30>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, Dec 05, 2017 at 01:25:58PM +0000, David Sugar via refpolicy wrote:
> 
> > -----Original Message-----
> > From: refpolicy-bounces at oss.tresys.com [mailto:refpolicy-bounces at oss.tresys.com] On Behalf Of Dominick Grift via refpolicy
> > Sent: Tuesday, December 05, 2017 3:02 AM
> > To: refpolicy at oss.tresys.com
> > Subject: Re: [refpolicy] [PATCH 1/1] Allow systemd_logind to manage xdm_tmp_t files
> > 
> > On Mon, Dec 04, 2017 at 09:49:56PM +0000, David Sugar via refpolicy wrote:
> > > Allow systemd_logind to manage xdm_tmp_t files in /run/user/$(UID)/. These files get removed by systemd_logind.
> > > 
> > > type=AVC msg=audit(1511920346.734:199): avc: denied { read } for pid=1067 comm="systemd-logind" name="dconf" dev="tmpfs" ino=14745 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=dir
> > > type=AVC msg=audit(1511920346.734:199): avc: denied { open } for pid=1067 comm="systemd-logind" path="/run/user/998/dconf" dev="tmpfs" ino=14745 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=dir
> > > type=AVC msg=audit(1511920346.734:200): avc: denied { getattr } for pid=1067 comm="systemd-logind" path="/run/user/998/dconf" dev="tmpfs" ino=14745 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=dir
> > > type=AVC msg=audit(1511920346.734:201): avc: denied { write } for pid=1067 comm="systemd-logind" name="dconf" dev="tmpfs" ino=14745 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=dir
> > > type=AVC msg=audit(1511920346.734:201): avc: denied { remove_name } for pid=1067 comm="systemd-logind" name="user" dev="tmpfs" ino=14746 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=dir
> > > type=AVC msg=audit(1511920346.734:201): avc: denied { unlink } for pid=1067 comm="systemd-logind" name="user" dev="tmpfs" ino=14746 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
> > > type=AVC msg=audit(1511920346.734:202): avc: denied { rmdir } for pid=1067 comm="systemd-logind" name="dconf" dev="tmpfs" ino=14745 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=dir
> > > 
> > > Signed-off-by: Dave Sugar
> > > ---
> > >  policy/modules/system/systemd.te | 1 +
> > >  1 file changed, 1 insertion(+)
> > > 
> > > diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
> > > index 5051b87c..6606d793 100644
> > > --- a/policy/modules/system/systemd.te
> > > +++ b/policy/modules/system/systemd.te
> > > @@ -481,6 +481,7 @@ optional_policy(`
> > > xserver_dbus_chat(systemd_logind_t)
> > > xserver_dbus_chat_xdm(systemd_logind_t)
> > > xserver_read_xdm_state(systemd_logind_t)
> > > + xserver_manage_xdm_tmp_files(systemd_logind_t)
> > 
> > It only needs to be able to delete it. Plus this applies for all of XDG_RUNTIME_DIR and so you might be able to use a higher-level solution for this
> 
> Are you suggesting something like creating an attribute 'user_runtime_type' then assigning that attribute to xdm_tmp_t. Then create an interface to allow deletion of files 'user_runtime_type' rather than using the xserver_manage_xdm_tmp_file interface?
> 
> I think that is what you are saying. There is already the interface 'userdom_delete_user_runtime_files' but I didn't see a way for xserver to create/write user_runtime_t files thus the filetrans commit.

userdom_delete_user_runtime_files() probably wouldn't be good enough if the name implies what I think it does since:

- only applies to files and logind needs to be able to delete whatever objects are there (dirs, lnk_files, sock_files, fifo_files, files)
- seems to only apply to generic user_runtime_t type files?

logind wants to empty (delete) all of $XDG_RUNTIME_DIR before it unmounts the tmpfs.

> > > 
> > > ')
> > > 
> > > optional_policy(`
> > > --
> > > 2.13.6
> > > _______________________________________________
> > > refpolicy mailing list
> > > refpolicy at oss.tresys.com
> > > http://oss.tresys.com/mailman/listinfo/refpolicy
> > 
> > --
> > Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
> > https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
> > Dominick Grift
> 
> Dave Sugar
> dsugar at tresys.com

--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
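Review bot: the `+ xserver_manage_xdm_tmp_files(systemd_logind_t)` line grants more than the quoted denials justify. The AVCs only show systemd_logind_t needing { read open getattr write remove_name rmdir } on xdm_tmp_t dirs and { unlink } on xdm_tmp_t files, i.e. listing and deleting content, while a manage interface also permits creating, writing and renaming xdm_tmp_t objects; a delete-oriented grant that covers every object class logind clears out of $XDG_RUNTIME_DIR (dirs, files, lnk_files, sock_files, fifo_files), as discussed in the replies, would match the observed need more closely. Whichever interface is chosen, confirm it covers dirs and not only files, since the rmdir denial on `/run/user/998/dconf` is on a dir.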
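The point argued in this thread (logind only needs to delete, so a manage interface is over-broad) can be checked mechanically against the denials. The following Python triage script is an added example, not code from the thread or from refpolicy: it aggregates the quoted AVC records per (scontext, tcontext, tclass) and reports which observed permissions fall inside a delete-only envelope and which would genuinely need a broader grant. The AVC lines are the ones from the patch description, re-joined one record per line; the permission sets are my reading of refpolicy's policy/support/obj_perm_sets.spt (list_dir_perms, del_entry_dir_perms, delete_dir_perms, delete_file_perms) and are an assumption to verify against the tree you build from.

```python
"""Triage SELinux AVC denials: would a delete-only grant cover them?

Added example (not from the refpolicy thread or project).  The permission
sets below are my reading of refpolicy's obj_perm_sets.spt; verify them
locally before relying on the verdict.
"""
import re
from collections import defaultdict

# AVC records quoted in the patch description, re-joined one per line.
AVC_SAMPLE = """\
type=AVC msg=audit(1511920346.734:199): avc: denied { read } for pid=1067 comm="systemd-logind" name="dconf" dev="tmpfs" ino=14745 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=dir
type=AVC msg=audit(1511920346.734:199): avc: denied { open } for pid=1067 comm="systemd-logind" path="/run/user/998/dconf" dev="tmpfs" ino=14745 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=dir
type=AVC msg=audit(1511920346.734:200): avc: denied { getattr } for pid=1067 comm="systemd-logind" path="/run/user/998/dconf" dev="tmpfs" ino=14745 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=dir
type=AVC msg=audit(1511920346.734:201): avc: denied { write } for pid=1067 comm="systemd-logind" name="dconf" dev="tmpfs" ino=14745 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=dir
type=AVC msg=audit(1511920346.734:201): avc: denied { remove_name } for pid=1067 comm="systemd-logind" name="user" dev="tmpfs" ino=14746 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=dir
type=AVC msg=audit(1511920346.734:201): avc: denied { unlink } for pid=1067 comm="systemd-logind" name="user" dev="tmpfs" ino=14746 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
type=AVC msg=audit(1511920346.734:202): avc: denied { rmdir } for pid=1067 comm="systemd-logind" name="dconf" dev="tmpfs" ino=14745 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=dir
"""

# One AVC record: the denied permission set plus source/target context and class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+)\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

# Assumption: refpolicy permission sets as I read them from obj_perm_sets.spt.
LIST_DIR_PERMS = {"getattr", "search", "open", "read", "lock", "ioctl"}
DEL_ENTRY_DIR_PERMS = {"getattr", "search", "open", "lock", "ioctl", "write", "remove_name"}
DELETE_DIR_PERMS = {"getattr", "rmdir"}
DELETE_FILE_PERMS = {"getattr", "unlink"}

# What "empty this directory tree" needs per object class: list it, remove
# entries from it, remove the directory itself, and unlink every leaf type.
DELETE_ONLY = {
    "dir": LIST_DIR_PERMS | DEL_ENTRY_DIR_PERMS | DELETE_DIR_PERMS,
    "file": DELETE_FILE_PERMS,
    "lnk_file": DELETE_FILE_PERMS,
    "sock_file": DELETE_FILE_PERMS,
    "fifo_file": DELETE_FILE_PERMS,
}


def parse_avcs(text):
    """Aggregate denied permissions per (scontext, tcontext, tclass)."""
    needed = defaultdict(set)
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if m:
            key = (m.group("scontext"), m.group("tcontext"), m.group("tclass"))
            needed[key].update(m.group("perms").split())
    return dict(needed)


def classify(needed):
    """Split each observed permission set into the part a delete-only grant
    covers and the part that would require a broader (manage) interface."""
    report = {}
    for key, perms in needed.items():
        covered = perms & DELETE_ONLY.get(key[2], set())
        report[key] = {"covered": sorted(covered), "beyond": sorted(perms - covered)}
    return report


def delete_only_suffices(text):
    """True when every denial in `text` is explained by delete-only access."""
    return all(not r["beyond"] for r in classify(parse_avcs(text)).values())


if __name__ == "__main__":
    for (src, tgt, cls), r in classify(parse_avcs(AVC_SAMPLE)).items():
        print(f"{src} -> {tgt} ({cls})")
        print(f"  delete-only covers: {r['covered']}")
        print(f"  needs more than delete: {r['beyond'] or 'nothing'}")
    print("delete-only grant suffices:", delete_only_suffices(AVC_SAMPLE))
```

Run against the quoted denials the "needs more than delete" list is empty for both the dir and the file class, which is the evidence for preferring a delete interface over `xserver_manage_xdm_tmp_files`; a denial showing `create` or `write` on a file would put those permissions in the "beyond" list and argue for the broader grant.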