[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

ainit



The attached patch is needed for correct functionality of ainit with the 
latest strict policy when running reasonably recent rawhide packages.

Is this really what we want?  Having a system process allocate shared memory 
that can be used by any user processes?  Also it seems likely that other 
sound programs will need to access the shared memory in question.

There are three possible assumptions that we could make:

1)  Anyone who is serious about security doesn't use ALSA so such access 
doesn't matter that much.

2)  Sound devices are a channel for communication anyway so it doesn't really 
grant any new access.  NB  I don't know enough about sound programming to 
know whether this assumption is correct.  Does ALSA require that a shared 
memory segment be available to all programs that are accessing the sound 
device?  If so the assumption holds for ALSA.  Can an application stuff some 
data into the sound hardware without using the user-space code from ALSA in 
such a way that another application can read it?

3)  We need to have pam_console launch programs such as ainit in a context 
determined by the user role.


Option 3 might be the best one long-term.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
--- domains/program/alsa.te.orig	2005-07-20 17:08:26.000000000 +1000
+++ domains/program/alsa.te	2005-07-20 17:36:28.000000000 +1000
@@ -5,13 +5,20 @@
 #
 type alsa_t, domain, privlog, daemon;
 type alsa_exec_t, file_type, sysadmfile, exec_type;
+role system_r types alsa_t;
 uses_shlib(alsa_t)
+read_locale(alsa_t)
+dontaudit alsa_t var_t:dir search;
 allow alsa_t self:sem  create_sem_perms;
 allow alsa_t self:shm  create_shm_perms;
 allow alsa_t self:unix_stream_socket create_stream_socket_perms;
+allow alsa_t self:unix_dgram_socket create_socket_perms;
 type alsa_etc_rw_t, file_type, sysadmfile, usercanread;
 rw_dir_create_file(alsa_t,alsa_etc_rw_t)
-allow alsa_t self:capability { setgid setuid ipc_owner };
+allow alsa_t self:capability { setgid setuid ipc_owner sys_admin };
 allow alsa_t devpts_t:chr_file { read write };
 allow alsa_t etc_t:file { getattr read };
 domain_auto_trans(pam_console_t, alsa_exec_t, alsa_t)
+
+allow userdomain alsa_t:sem rw_sem_perms;
+allow userdomain alsa_t:shm { rw_shm_perms destroy };

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]