[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Fedora Core 4



On Mon, 2005-01-17 at 05:27 -0800, Karsten Wade wrote:
> On Sat, 2005-01-15 at 10:32 -0500, Sean Middleditch wrote:
> > On Sat, 2005-01-15 at 17:29 +0530, Rahul Sundaram wrote:
> > > Hi
> > > > 
> > > > - SELinux Episode III: Revenge of the AVC
> > > 
> > > how about gui integration with gnome by letting nautllus show security
> > > contexts and manipulate them using chcon, fixfiles etc as the backend.
> > 
> > That sounds like a pretty bad idea in general, actually - the last thing
> > you need is for the state of your file contexts to ever get out of sync
> > with your configuration files.  Besides, you'd need to have some pretty
> > highly elevated privileges to even perform those tasks, and SELinux
> > eventually should probably make sure no GUI tool can ever even have
> > those privileges, except for the ones specifically designed for SELinux
> > administration (like you say below).
> 
> Sword edge balancing time.  There are a number of customizable types,
> that is, ones which an end-user might need to manipulate.  These are a
> small set of the overall types, but they are important for sharing data
> over SMB, FTP, HTTP, etc.

That doesn't make much sense - there is no good reason at all for a user
to need to muck around with SELinux to perform basic file sharing, and
general administration tasks are going to need more than simply setting
contexts in Nautilus.

Besides, changing them in Nautilus *WILL* break the system, because the
second a package upgrade for selinux policies comes in and restorecon is
run all of their customized settings will be erased.  You have to edit
the actual policy control files, and Nautilus is, beyond any doubt, an
application that should never, ever be modifying those files.  That
would be like Apache having rights to edit /etc/passwd and /etc/shadow
because the web master might want to change login information for some
web users...

> 
> End users need to be able to run chcon.  Just as with DAC, they may
> occasionally mess up the permissions.  It would be nice for them if
> Nautilus supported chcon on the backend, while of course displaying the
> contexts.

The only way they *could* mess them up is if they use root-access in a
shell, in which case, they should use the same method to fix it.

> 
> For anything that involves relabeling the file system, that sounds like
> it would be better used in an s-c-selinux that requires root/sysadm_r.
> 
> - Karsten
> -- 
> Karsten Wade, RHCE, Sr. Tech Writer
> a lemon is just a melon in disguise
> http://people.redhat.com/kwade/
> gpg fingerprint: 2680 DBFD D968 3141 0115  5F1B D992 0E06 AD0E 0C41
> 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]