runcon vs newrole
Clarkson, Mike R (US SSA)
mike.clarkson at baesystems.com
Tue May 22 20:26:35 UTC 2007
Thanks for the response.
Based on your comments, am I correct in thinking that it is better to
provide trusted selinux aware domains access to runcon rather than
newrole, since runcon will restrict those domains to do only what the
selinux policy allows?
> -----Original Message-----
> From: Stephen Smalley [mailto:sds at tycho.nsa.gov]
> Sent: Monday, May 21, 2007 12:02 PM
> To: Daniel J Walsh
> Cc: Clarkson, Mike R (US SSA); fedora-selinux-list at redhat.com
> Subject: Re: runcon vs newrole
>
> On Tue, 2007-05-15 at 14:24 -0400, Daniel J Walsh wrote:
> > Clarkson, Mike R (US SSA) wrote:
> > > What are the differences between and advantages/disadvantages of
the
> > > following two commands:
> > >
> > > runcon -l s1 <cmd>
> > > newrole -l s1 --c <cmd>
> > >
> > >
> > > --
> > > fedora-selinux-list mailing list
> > > fedora-selinux-list at redhat.com
> > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> > >
> > Of the top of my head
> >
> > newrole will change the terminal to the level you want to output.
So if
> > the app read/writes to the terminal it will work.
> >
> > runcon will not so terminal apps will fail. Writing SystemHigh to a
> > SystemLow terminal should not work.
>
> Further, newrole runs in its own domain and allows for transitions
from
> less privileged contexts to more privileged contexts, while runcon
runs
> in the caller's domain and requires the caller to already be
> sufficiently privileged to directly make the transition.
>
> --
> Stephen Smalley
> National Security Agency
More information about the fedora-selinux-list
mailing list