
[redhat-lspp] Re: Update on Klaus' NetLabel/CIPSO policy module
Christopher J. PeBenito wrote:
> On Mon, 2006-08-07 at 15:37 -0400, Paul Moore wrote: 
>># sending NetLabel'd packets does not require a SELinux privilege, however,
>>#   receiving NetLabel'd packets does
>>allow user_t user_t:{ tcp_socket udp_socket } { recv_msg };
>>allow staff_t staff_t:{ tcp_socket udp_socket } { recv_msg };
>>allow sysadm_t sysadm_t:{ tcp_socket udp_socket } { recv_msg };
>
> Do we really want to overload this permission?  It is still being used
> for send/receive on ports, e.g., 
> 
> allow httpd_t port_type:tcp_socket { send_msg recv_msg };
> 
> I realize these port perms are deprecated by secmark; however, these
> rules will still be around for a while for compatibility.
> 

This came up earlier in the NetLabel patch discussions and in the end it
was deemed "okay".  While it does overload the existing permissions I
think its new, "overloaded" use is in keeping with the original intent.

One of the goals of the NetLabel design was to try and minimize the
number of required policy changes.

>># netlink communications
>>allow netlabelctl_t self:netlink_socket { create bind write read };
> 
> This is like the generic socket; we don't want generic netlink sockets
> either, we want all sockets to be specific.  Netlink_socket is just a
> fallback for unspecified netlink sockets.
> 

Not sure there is much I can do to fix this right now as the netdev folks
wanted NetLabel to use the generic netlink interface which does not
presently have any specific LSM hooks.  I think there was some talk on
netdev that James Morris was working on something for generic netlink
users but I'm not certain.

Regardless, until there are generic netlink LSM hooks there is not much
we can do here.

-- 
paul moore
linux security @ hp
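The overload Chris raises is easier to see when the quoted `allow` rules are expanded into individual grants. The Python below is an added example, not code from this thread or from the NetLabel project: it parses rules in the syntax quoted above and separates domains that hold `recv_msg` on their own tcp/udp socket (the NetLabel receive grant) from those that hold it on a port type (the older, deprecated form). The sample policy is constructed from the rules quoted in the mail.

```python
import re

# Constructed sample policy: the rules quoted in the thread plus the port
# rule Chris cites.  Syntax: allow SRC TGT:CLASS PERMS;  (braces group sets)
SAMPLE_POLICY = """
# receiving NetLabel'd packets needs a SELinux privilege, sending does not
allow user_t user_t:{ tcp_socket udp_socket } { recv_msg };
allow staff_t staff_t:{ tcp_socket udp_socket } { recv_msg };
allow sysadm_t sysadm_t:{ tcp_socket udp_socket } { recv_msg };
allow httpd_t port_type:tcp_socket { send_msg recv_msg };
allow netlabelctl_t self:netlink_socket { create bind write read };
"""

RULE_RE = re.compile(
    r"^allow\s+(\S+)\s+(\S+?):(\{[^}]*\}|\S+)\s+(\{[^}]*\}|\S+)\s*;$"
)

def _expand(token):
    """'{ a b }' -> ['a', 'b'];  'a' -> ['a']."""
    return token.strip("{} ").split()

def parse_allow_rules(policy):
    """Return (source, target, class, permission) tuples, one per grant."""
    grants = []
    for raw in policy.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unparsed rule: {line!r}")
        src, tgt, classes, perms = m.groups()
        for cls in _expand(classes):
            for perm in _expand(perms):
                grants.append((src, tgt, cls, perm))
    return grants

def recv_msg_holders(policy):
    """Split recv_msg grants into the two uses the thread contrasts:
    'netlabel' = domain on its own inet socket, 'port' = port-based form."""
    out = {"netlabel": set(), "port": set()}
    for src, tgt, cls, perm in parse_allow_rules(policy):
        if perm != "recv_msg" or cls not in ("tcp_socket", "udp_socket"):
            continue
        key = "netlabel" if tgt in (src, "self") else "port"
        out[key].add(src)
    return out
```

Running `recv_msg_holders(SAMPLE_POLICY)` on the constructed policy lists the three user domains under `netlabel` and `httpd_t` under `port`, which is the two-meanings-of-one-permission situation the thread debates.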

