Lower Process Capabilities
Stephen Smalley
sds at tycho.nsa.gov
Wed Jul 29 13:10:09 UTC 2009
On Wed, 2009-07-29 at 23:01 +1000, James Morris wrote:
> On Wed, 29 Jul 2009, Stephen Smalley wrote:
>
> > So I think the only piece of the proposal that is orthogonal to SELinux
> > is privilege bracketing within the program (dropping caps after use).
> > But the changes to the file and directory permissions seem more
> > questionable.
>
> Once we have access control on policy itself, we may be able to provide an
> API where an application can toggle a boolean on itself, e.g. to perform
> one action with broader permissions, then switch to a tighter set of
> permissions. This might be implementable in a way which also prevents
> applications from ever gaining more permissions (via typebounds).
We can actually already apply fine-grained access control on temporary
changes to booleans - just specify a distinct label for the boolean in
policy (via genfscon selinuxfs entries) and then control who can write
to that file type.
However, note that such changes affect all processes running in a given
domain, so it isn't precisely the same thing as process privilege
bracketing.
--
Stephen Smalley
National Security Agency
More information about the fedora-devel-list
mailing list