SELinux issues

Stephen Smalley sds at epoch.ncsc.mil
Thu Apr 22 12:09:51 UTC 2004


On Wed, 2004-04-21 at 19:34, Colin Walters wrote:
> On Wed, 2004-04-21 at 18:57, Thomas Bleher wrote:
> > A full solution requires modifications to fam: it should check the
> > security context of the caller (like it does already with uid and gid)
> > and only monitor the files if they can be accessed by the caller.
> 
> Right - I think someone here looked at doing that and just gave up.  We
> have someone working on writing a new file monitoring system, hopefully
> something will happen there soon.

I don't know that it would be technically difficult to modify famd to
perform such checks (and SELinux does export an API for performing such
checks that is already used by other programs), but you would still have
a situation where famd would have to be highly trusted and a potential
conduit through which domains could communicate in violation of the
policy.  It would be preferable to instantiate separarate famd's per
client context.

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency




More information about the fedora-selinux-list mailing list