From: Russell Coker <russell@coker.com.au>
To: Thomas Bleher <bleher@informatik.uni-muenchen.de>
Cc: SELinux <SELinux@tycho.nsa.gov>
Subject: Re: Adding alternate root patch to restorecon (setfiles?)
Date: Wed, 27 Oct 2004 00:36:14 +1000
Message-ID: <200410270036.14935.russell@coker.com.au>
In-Reply-To: <20041025213122.GA2535@jmh.mhn.de>

[-- Attachment #1: Type: text/plain, Size: 1377 bytes --]

On Tue, 26 Oct 2004 07:31, Thomas Bleher <bleher@informatik.uni-muenchen.de> 
wrote:
> OK, what do you guys think about the following patch:
> It adds an attribute $1_domain_file_type, so all file types from derived
> user domains can be grouped together. It also adds a restorecon_domain()
> macro, so users can call restorecon to reset the labels on their files.

I've attached a patch named "tom.diff" which applies after your patch to tweak 
a few things.  The new attribute allows a better way of dealing with the 
locate policy so I changed it appropriately.  I added some use of 
sysadm_domain_file_type.  Some of the types you had given the attribute 
$1_domain_file_type seemed inappropriate; this includes the print spool type, 
some temporary files, and files under /var/run.

Whether we have the user_restorecon_t domain etc is something that needs more 
consideration.  The attached patch named "diff" has the user_domain_file_type 
stuff from your patch with my amendments but none of the restorecon changes.  
I think that "diff" is worthy of being included in CVS regardless of what we 
do with restorecon.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

[-- Attachment #2: tom.diff --]
[-- Type: text/x-diff, Size: 8609 bytes --]

diff -ru policy.tom/macros/program/apache_macros.te policy.new/macros/program/apache_macros.te
--- policy.tom/macros/program/apache_macros.te	2004-10-26 23:20:42.000000000 +1000
+++ policy.new/macros/program/apache_macros.te	2004-10-26 23:19:27.000000000 +1000
@@ -21,7 +21,7 @@
 ifelse($1, sys, `
 #This type is for webpages
 #
-type httpd_$1_content_t, file_type, homedirfile, sysadmfile;
+type httpd_$1_content_t, file_type, homedirfile, sysadmfile, sysadm_domain_file_type;
 typealias httpd_sys_content_t alias httpd_sysadm_content_t;
 
 # This type is used for .htaccess files
@@ -79,9 +79,9 @@
 # The following are the only areas that 
 # scripts can read, read/write, or append to
 #
-type httpd_$1_script_ro_t, file_type, sysadmfile;
-type httpd_$1_script_rw_t, file_type, sysadmfile;
-type httpd_$1_script_ra_t, file_type, sysadmfile;
+type httpd_$1_script_ro_t, file_type, sysadmfile, sysadm_domain_file_type;
+type httpd_$1_script_rw_t, file_type, sysadmfile, sysadm_domain_file_type;
+type httpd_$1_script_ra_t, file_type, sysadmfile, sysadm_domain_file_type;
 ', `
 type httpd_$1_script_ro_t, file_type, sysadmfile, $1_domain_file_type;
 type httpd_$1_script_rw_t, file_type, sysadmfile, $1_domain_file_type;
@@ -89,13 +89,6 @@
 ')
 file_type_auto_trans(httpd_$1_script_t, tmp_t, httpd_$1_script_rw_t)
 
-ifdef(`slocate.te', `
-ifelse($1, `sys', `', `
-allow $1_locate_t { httpd_$1_content_t httpd_$1_htaccess_t httpd_$1_script_exec_t httpd_$1_script_ro_t httpd_$1_script_rw_t httpd_$1_script_ra_t }:dir { getattr search };
-allow $1_locate_t { httpd_$1_content_t httpd_$1_htaccess_t httpd_$1_script_exec_t httpd_$1_script_ro_t httpd_$1_script_rw_t httpd_$1_script_ra_t }:file { getattr read };
-')dnl end ifelse
-')dnl end slocate.te
-
 #########################################################
 # Permissions for running child processes and scripts
 ##########################################################
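
Review bot: removing the ifdef(`slocate.te', ...) block at the top of this hunk changes behaviour for the sys instance, which the old rules skipped through ifelse($1, `sys', `', ...). The sys-branch types earlier in this file now carry sysadm_domain_file_type, so the attribute-based rule in slocate_macros.te (allow $1_locate_t $1_domain_file_type:dir { getattr search };) will cover httpd_sys_content_t and the httpd_sys_script_ro_t, _rw_t and _ra_t types whenever that macro is expanded for sysadm. If that is intended, say so in the change description; if not, leave the attribute off the sys branch.
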
diff -ru policy.tom/macros/program/crond_macros.te policy.new/macros/program/crond_macros.te
--- policy.tom/macros/program/crond_macros.te	2004-10-26 23:20:42.000000000 +1000
+++ policy.new/macros/program/crond_macros.te	2004-10-27 00:18:59.000000000 +1000
@@ -36,7 +36,7 @@
 r_dir_file($1_crond_t, selinux_config_t)
 
 # Type of user crontabs once moved to cron spool.
-type $1_cron_spool_t, file_type, sysadmfile ifelse($1, `system', `', `, $1_domain_file_type');
+type $1_cron_spool_t, file_type, sysadmfile;
 
 ifdef(`fcron.te', `
 allow crond_t $1_cron_spool_t:file create_file_perms;
diff -ru policy.tom/macros/program/irc_macros.te policy.new/macros/program/irc_macros.te
--- policy.tom/macros/program/irc_macros.te	2004-10-26 23:20:42.000000000 +1000
+++ policy.new/macros/program/irc_macros.te	2004-10-26 23:46:34.000000000 +1000
@@ -27,11 +27,6 @@
 type $1_home_irc_t, file_type, homedirfile, sysadmfile, $1_domain_file_type;
 type $1_irc_exec_t, file_type, sysadmfile, $1_domain_file_type;
 
-ifdef(`slocate.te', `
-allow $1_locate_t { $1_home_irc_t $1_irc_exec_t }:dir { getattr search };
-allow $1_locate_t { $1_home_irc_t $1_irc_exec_t }:file { getattr read };
-')
-
 allow $1_t { $1_home_irc_t $1_irc_exec_t }:file { relabelfrom relabelto create_file_perms };
 
 # Transition from the user domain to this domain.
diff -ru policy.tom/macros/program/lpr_macros.te policy.new/macros/program/lpr_macros.te
--- policy.tom/macros/program/lpr_macros.te	2004-10-26 23:20:42.000000000 +1000
+++ policy.new/macros/program/lpr_macros.te	2004-10-26 23:21:33.000000000 +1000
@@ -54,11 +54,11 @@
 r_dir_file($1_lpr_t, printconf_t)
 ')
 
-tmp_domain($1_lpr, `, $1_domain_file_type')
+tmp_domain($1_lpr)
 r_dir_file($1_lpr_t, $1_tmp_t)
 
 # Type for spool files.
-type $1_print_spool_t, file_type, sysadmfile, $1_domain_file_type;
+type $1_print_spool_t, file_type, sysadmfile;
 # Use this type when creating files in /var/spool/lpd and /var/spool/cups.
 file_type_auto_trans($1_lpr_t, print_spool_t, $1_print_spool_t, file)
 allow $1_lpr_t var_spool_t:dir { search };
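
Review bot: nothing in the file records why $1_print_spool_t and the type made by tmp_domain($1_lpr) are left out of $1_domain_file_type while other derived types keep it; the reasoning exists only in the covering mail. A one-line comment above the type statement stating the rule for which types get the attribute would stop a later macro author from re-adding it.
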
diff -ru policy.tom/macros/program/screen_macros.te policy.new/macros/program/screen_macros.te
--- policy.tom/macros/program/screen_macros.te	2004-10-26 23:20:42.000000000 +1000
+++ policy.new/macros/program/screen_macros.te	2004-10-26 23:22:33.000000000 +1000
@@ -31,7 +31,7 @@
 # Transition from the user domain to this domain.
 domain_auto_trans($1_t, screen_exec_t, $1_screen_t)
 
-tmp_domain($1_screen, `, $1_domain_file_type')
+tmp_domain($1_screen)
 base_file_read_access($1_screen_t)
 # The user role is authorized for this domain.
 role $1_r types $1_screen_t;
@@ -72,7 +72,7 @@
 # Create fifo
 allow $1_screen_t var_t:dir search;
 file_type_auto_trans($1_screen_t, var_run_t, screen_dir_t, dir)
-type $1_screen_var_run_t, file_type, sysadmfile, pidfile, $1_domain_file_type;
+type $1_screen_var_run_t, file_type, sysadmfile, pidfile;
 file_type_auto_trans($1_screen_t, screen_dir_t, $1_screen_var_run_t, fifo_file)
 
 allow $1_screen_t self:process { fork signal_perms };
diff -ru policy.tom/macros/program/slocate_macros.te policy.new/macros/program/slocate_macros.te
--- policy.tom/macros/program/slocate_macros.te	2004-09-03 14:10:35.000000000 +1000
+++ policy.new/macros/program/slocate_macros.te	2004-10-26 23:33:57.000000000 +1000
@@ -52,8 +52,8 @@
 allow $1_locate_t $1_tty_device_t:chr_file rw_file_perms;
 allow $1_locate_t $1_devpts_t:chr_file rw_file_perms;
 
-allow $1_locate_t { home_root_t $1_home_dir_t $1_home_t }:dir { getattr search };
-allow $1_locate_t $1_home_t:{ file lnk_file } { getattr read };
+allow $1_locate_t $1_domain_file_type:dir { getattr search };
+allow $1_locate_t $1_domain_file_type:{ file lnk_file sock_file fifo_file } { getattr read };
 
 base_file_read_access($1_locate_t)
 r_dir_file($1_locate_t, { etc_t lib_t var_t })
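
Review bot: the new dir rule drops home_root_t, which the removed line granted { getattr search } on and which no hunk in this patch tags with $1_domain_file_type. Unless another rule already lets $1_locate_t search home_root_t, keep an explicit allow $1_locate_t home_root_t:dir { getattr search }; next to the attribute rule. The second added line also widens the class set from { file lnk_file } to include sock_file and fifo_file with read; consider whether read is needed for those two classes or whether getattr is enough.
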
diff -ru policy.tom/macros/program/ssh_macros.te policy.new/macros/program/ssh_macros.te
--- policy.tom/macros/program/ssh_macros.te	2004-10-26 23:20:42.000000000 +1000
+++ policy.new/macros/program/ssh_macros.te	2004-10-26 23:46:14.000000000 +1000
@@ -115,11 +115,6 @@
 r_dir_file({ sshd_t sshd_extern_t }, $1_home_ssh_t)
 rw_dir_create_file($1_t, $1_home_ssh_t)
 
-ifdef(`slocate.te', `
-allow $1_locate_t $1_home_ssh_t:dir { getattr search };
-allow $1_locate_t $1_home_ssh_t:file { getattr read };
-')
-
 # for /bin/sh used to execute xauth
 dontaudit $1_ssh_t proc_t:dir search;
 dontaudit $1_ssh_t proc_t:{ lnk_file file } { getattr read };
diff -ru policy.tom/macros/program/uml_macros.te policy.new/macros/program/uml_macros.te
--- policy.tom/macros/program/uml_macros.te	2004-10-26 23:20:42.000000000 +1000
+++ policy.new/macros/program/uml_macros.te	2004-10-26 23:46:42.000000000 +1000
@@ -29,11 +29,6 @@
 type $1_uml_ro_t, file_type, sysadmfile, $1_domain_file_type;
 type $1_uml_rw_t, file_type, sysadmfile, $1_domain_file_type;
 
-ifdef(`slocate.te', `
-allow $1_locate_t { $1_uml_exec_t $1_uml_ro_t $1_uml_rw_t }:dir { getattr search };
-allow $1_locate_t { $1_uml_exec_t $1_uml_ro_t $1_uml_rw_t }:file { getattr read };
-')
-
 can_ptrace($1_t, $1_uml_t)
 
 # for X
diff -ru policy.tom/macros/program/x_client_macros.te policy.new/macros/program/x_client_macros.te
--- policy.tom/macros/program/x_client_macros.te	2004-10-26 23:20:42.000000000 +1000
+++ policy.new/macros/program/x_client_macros.te	2004-10-26 23:46:20.000000000 +1000
@@ -81,11 +81,6 @@
 allow $1_t $1_$2_ro_t:fifo_file create_file_perms;
 allow $1_t $1_$2_ro_t:{ dir file lnk_file } { relabelto relabelfrom };
 
-ifdef(`slocate.te', `
-allow $1_locate_t { $1_$2_ro_t $1_$2_rw_t }:dir { getattr search };
-allow $1_locate_t { $1_$2_ro_t $1_$2_rw_t }:file { getattr read };
-')
-
 # Allow the user domain to send any signal to the $2 process.
 allow $1_t $1_$2_t:process signal_perms;
 
diff -ru policy.tom/macros/program/xauth_macros.te policy.new/macros/program/xauth_macros.te
--- policy.tom/macros/program/xauth_macros.te	2004-10-26 23:20:42.000000000 +1000
+++ policy.new/macros/program/xauth_macros.te	2004-10-26 23:46:26.000000000 +1000
@@ -26,10 +26,6 @@
 type $1_xauth_t, domain;
 type $1_home_xauth_t, file_type, homedirfile, sysadmfile, $1_domain_file_type;
 
-ifdef(`slocate.te', `
-allow $1_locate_t $1_home_xauth_t:file { getattr read };
-')
-
 allow $1_xauth_t self:process signal;
 
 allow $1_t $1_home_xauth_t:file { relabelfrom relabelto create_file_perms };
@@ -84,7 +80,7 @@
 allow $1_xauth_t home_root_t:dir search;
 file_type_auto_trans($1_xauth_t, $1_home_dir_t, $1_home_xauth_t, file)
 
-tmp_domain($1_xauth, `, $1_domain_file_type')
+tmp_domain($1_xauth)
 allow $1_xauth_t $1_tmp_t:file { getattr ioctl read };
 
 ifdef(`nfs_home_dirs', `

[-- Attachment #3: diff --]
[-- Type: text/x-diff, Size: 15166 bytes --]

diff -ru policy/macros/admin_macros.te policy.new/macros/admin_macros.te
--- policy/macros/admin_macros.te	2004-10-02 03:36:13.000000000 +1000
+++ policy.new/macros/admin_macros.te	2004-10-26 23:15:16.000000000 +1000
@@ -14,9 +14,12 @@
 #
 undefine(`admin_domain')
 define(`admin_domain',`
+# define an attribute for all files created by this role
+attribute $1_domain_file_type;
+
 # Type for home directory.
-type $1_home_dir_t, file_type, sysadmfile, home_dir_type, home_type;
-type $1_home_t, file_type, sysadmfile, home_type;
+type $1_home_dir_t, file_type, sysadmfile, home_dir_type, home_type, $1_domain_file_type;
+type $1_home_t, file_type, sysadmfile, home_type, $1_domain_file_type;
 
 # Type and access for pty devices.
 can_create_pty($1)
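
Review bot: can_create_pty($1) in the trailing context is left without the new attribute, while the user_macros.te hunk changes its call to can_create_pty($1, `, userpty_type, user_tty_type, $1_domain_file_type'). Either tag the admin pty type the same way or note why admin and user domains differ, so that rules written against $1_domain_file_type behave the same for both.
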
diff -ru policy/macros/program/apache_macros.te policy.new/macros/program/apache_macros.te
--- policy/macros/program/apache_macros.te	2004-10-15 14:57:20.000000000 +1000
+++ policy.new/macros/program/apache_macros.te	2004-10-26 23:19:27.000000000 +1000
@@ -18,18 +18,23 @@
 file_type_auto_trans(httpd_$1_script_t, tmp_t, $1_tmp_t)
 ', `
 
+ifelse($1, sys, `
 #This type is for webpages
 #
-type httpd_$1_content_t, file_type, homedirfile, sysadmfile;
-ifelse($1, sys, `
+type httpd_$1_content_t, file_type, homedirfile, sysadmfile, sysadm_domain_file_type;
 typealias httpd_sys_content_t alias httpd_sysadm_content_t;
-')
 
 # This type is used for .htaccess files
 #
 type httpd_$1_htaccess_t, file_type, sysadmfile;
 
 type httpd_$1_script_exec_t, file_type, sysadmfile;
+', `
+# same as above, add $1_domain_file_type attribute
+type httpd_$1_content_t, file_type, homedirfile, sysadmfile, $1_domain_file_type;
+type httpd_$1_htaccess_t, file_type, sysadmfile, $1_domain_file_type;
+type httpd_$1_script_exec_t, file_type, sysadmfile, $1_domain_file_type;
+')
 
 # Type that CGI scripts run as
 type httpd_$1_script_t, domain, privmail;
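
Review bot: in the sys branch only httpd_$1_content_t gets sysadm_domain_file_type; httpd_$1_htaccess_t and httpd_$1_script_exec_t stay at file_type, sysadmfile, whereas the else branch gives all three types $1_domain_file_type. If the asymmetry is deliberate, the comment "# same as above, add $1_domain_file_type attribute" should say so; otherwise add the attribute to the two remaining sys types. The hard-coded sysadm_domain_file_type also assumes admin_domain has been expanded for sysadm, since the admin_macros.te hunk is where that attribute gets declared.
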
@@ -69,20 +74,20 @@
 uncond_can_ypbind(httpd_$1_script_t)
 }
 ')
+
+ifelse($1, `sys', `
 # The following are the only areas that 
 # scripts can read, read/write, or append to
 #
-type httpd_$1_script_ro_t, file_type, sysadmfile;
-type httpd_$1_script_rw_t, file_type, sysadmfile;
+type httpd_$1_script_ro_t, file_type, sysadmfile, sysadm_domain_file_type;
+type httpd_$1_script_rw_t, file_type, sysadmfile, sysadm_domain_file_type;
+type httpd_$1_script_ra_t, file_type, sysadmfile, sysadm_domain_file_type;
+', `
+type httpd_$1_script_ro_t, file_type, sysadmfile, $1_domain_file_type;
+type httpd_$1_script_rw_t, file_type, sysadmfile, $1_domain_file_type;
+type httpd_$1_script_ra_t, file_type, sysadmfile, $1_domain_file_type;
+')
 file_type_auto_trans(httpd_$1_script_t, tmp_t, httpd_$1_script_rw_t)
-type httpd_$1_script_ra_t, file_type, sysadmfile;
-
-ifdef(`slocate.te', `
-ifelse($1, `sys', `', `
-allow $1_locate_t { httpd_$1_content_t httpd_$1_htaccess_t httpd_$1_script_exec_t httpd_$1_script_ro_t httpd_$1_script_rw_t httpd_$1_script_ra_t }:dir { getattr search };
-allow $1_locate_t { httpd_$1_content_t httpd_$1_htaccess_t httpd_$1_script_exec_t httpd_$1_script_ro_t httpd_$1_script_rw_t httpd_$1_script_ra_t }:file { getattr read };
-')dnl end ifelse
-')dnl end slocate.te
 
 #########################################################
 # Permissions for running child processes and scripts
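
Review bot: the added ifelse($1, `sys', ` quotes sys, but the ifelse($1, sys, ` added in the previous hunk of this file does not. Use the quoted form in both places so the comparison does not depend on whether sys happens to be defined as an m4 macro.
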
diff -ru policy/macros/program/fingerd_macros.te policy.new/macros/program/fingerd_macros.te
--- policy/macros/program/fingerd_macros.te	2003-08-14 22:37:36.000000000 +1000
+++ policy.new/macros/program/fingerd_macros.te	2004-10-26 23:15:16.000000000 +1000
@@ -10,6 +10,6 @@
 # allow fingerd to create a fingerlog file in the user home dir
 #
 define(`fingerd_macro', `
-type $1_home_fingerlog_t, file_type, sysadmfile;
+type $1_home_fingerlog_t, file_type, sysadmfile, $1_domain_file_type;
 file_type_auto_trans(fingerd_t, $1_home_dir_t, $1_home_fingerlog_t)
 ')
diff -ru policy/macros/program/gpg_agent_macros.te policy.new/macros/program/gpg_agent_macros.te
--- policy/macros/program/gpg_agent_macros.te	2004-09-21 14:39:17.000000000 +1000
+++ policy.new/macros/program/gpg_agent_macros.te	2004-10-26 23:15:16.000000000 +1000
@@ -58,7 +58,7 @@
 allow $1_gpg_agent_t self:fifo_file { getattr read write };
 
 # create /tmp files
-tmp_domain($1_gpg_agent)
+tmp_domain($1_gpg_agent, `, $1_domain_file_type')
 
 # gpg connect
 allow $1_gpg_t $1_gpg_agent_tmp_t:dir { search };
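
Review bot: tmp_domain($1_gpg_agent, `, $1_domain_file_type') keeps the attribute on a program tmp type, while tom.diff removes the same argument from tmp_domain($1_lpr), tmp_domain($1_screen) and tmp_domain($1_xauth). Either drop it here as well or document what makes the gpg-agent tmp type different.
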
diff -ru policy/macros/program/gpg_macros.te policy.new/macros/program/gpg_macros.te
--- policy/macros/program/gpg_macros.te	2004-08-28 12:05:12.000000000 +1000
+++ policy.new/macros/program/gpg_macros.te	2004-10-26 23:15:16.000000000 +1000
@@ -25,7 +25,7 @@
 allow $1_t self:capability { setuid };
 ', `
 type $1_gpg_t, domain, privlog;
-type $1_gpg_secret_t, file_type, homedirfile, sysadmfile;
+type $1_gpg_secret_t, file_type, homedirfile, sysadmfile, $1_domain_file_type;
 ')dnl end ifdef single_userdomain
 
 # Transition from the user domain to the derived domain.
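
Review bot: tagging $1_gpg_secret_t with $1_domain_file_type brings it under the slocate_macros.te rule allow $1_locate_t $1_domain_file_type:{ file lnk_file sock_file fifo_file } { getattr read };, so the locate domain gains read on the secret key files, which none of the slocate blocks removed in this patch granted. Consider leaving this type out of the attribute, or narrowing the locate file rule to getattr.
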
diff -ru policy/macros/program/irc_macros.te policy.new/macros/program/irc_macros.te
--- policy/macros/program/irc_macros.te	2004-03-27 00:46:45.000000000 +1100
+++ policy.new/macros/program/irc_macros.te	2004-10-26 23:46:34.000000000 +1000
@@ -24,13 +24,8 @@
 ', `
 # Derived domain based on the calling user domain and the program.
 type $1_irc_t, domain;
-type $1_home_irc_t, file_type, homedirfile, sysadmfile;
-type $1_irc_exec_t, file_type, sysadmfile;
-
-ifdef(`slocate.te', `
-allow $1_locate_t { $1_home_irc_t $1_irc_exec_t }:dir { getattr search };
-allow $1_locate_t { $1_home_irc_t $1_irc_exec_t }:file { getattr read };
-')
+type $1_home_irc_t, file_type, homedirfile, sysadmfile, $1_domain_file_type;
+type $1_irc_exec_t, file_type, sysadmfile, $1_domain_file_type;
 
 allow $1_t { $1_home_irc_t $1_irc_exec_t }:file { relabelfrom relabelto create_file_perms };
 
diff -ru policy/macros/program/rssh_macros.te policy.new/macros/program/rssh_macros.te
--- policy/macros/program/rssh_macros.te	2004-09-23 22:31:25.000000000 +1000
+++ policy.new/macros/program/rssh_macros.te	2004-10-26 23:15:16.000000000 +1000
@@ -19,8 +19,8 @@
 role rssh_$1_r types rssh_$1_t;
 allow system_r rssh_$1_r;
 
-type rssh_$1_rw_t, file_type, sysadmfile;
-type rssh_$1_ro_t, file_type, sysadmfile;
+type rssh_$1_rw_t, file_type, sysadmfile, $1_domain_file_type;
+type rssh_$1_ro_t, file_type, sysadmfile, $1_domain_file_type;
 
 general_domain_access(rssh_$1_t);
 uses_shlib(rssh_$1_t);
diff -ru policy/macros/program/screen_macros.te policy.new/macros/program/screen_macros.te
--- policy/macros/program/screen_macros.te	2004-10-02 03:36:13.000000000 +1000
+++ policy.new/macros/program/screen_macros.te	2004-10-26 23:22:33.000000000 +1000
@@ -26,7 +26,7 @@
 typealias $1_home_t alias $1_home_screen_t;
 ', `
 type $1_screen_t, domain, privlog, privfd;
-type $1_home_screen_t, file_type, homedirfile, sysadmfile;
+type $1_home_screen_t, file_type, homedirfile, sysadmfile, $1_domain_file_type;
 
 # Transition from the user domain to this domain.
 domain_auto_trans($1_t, screen_exec_t, $1_screen_t)
diff -ru policy/macros/program/slocate_macros.te policy.new/macros/program/slocate_macros.te
--- policy/macros/program/slocate_macros.te	2004-09-03 14:10:35.000000000 +1000
+++ policy.new/macros/program/slocate_macros.te	2004-10-26 23:33:57.000000000 +1000
@@ -52,8 +52,8 @@
 allow $1_locate_t $1_tty_device_t:chr_file rw_file_perms;
 allow $1_locate_t $1_devpts_t:chr_file rw_file_perms;
 
-allow $1_locate_t { home_root_t $1_home_dir_t $1_home_t }:dir { getattr search };
-allow $1_locate_t $1_home_t:{ file lnk_file } { getattr read };
+allow $1_locate_t $1_domain_file_type:dir { getattr search };
+allow $1_locate_t $1_domain_file_type:{ file lnk_file sock_file fifo_file } { getattr read };
 
 base_file_read_access($1_locate_t)
 r_dir_file($1_locate_t, { etc_t lib_t var_t })
diff -ru policy/macros/program/spamassassin_macros.te policy.new/macros/program/spamassassin_macros.te
--- policy/macros/program/spamassassin_macros.te	2004-10-14 10:10:03.000000000 +1000
+++ policy.new/macros/program/spamassassin_macros.te	2004-10-26 23:15:16.000000000 +1000
@@ -80,7 +80,7 @@
 dontaudit $1_spamassassin_t { sysctl_t sysctl_kernel_t }:dir search;
 
 # The type of ~/.spamassassin
-type $1_home_spamassassin_t, file_type, homedirfile, sysadmfile;
+type $1_home_spamassassin_t, file_type, homedirfile, sysadmfile, $1_domain_file_type;
 create_dir_file($1_t, $1_home_spamassassin_t)
 allow $1_t $1_home_spamassassin_t:notdevfile_class_set { relabelfrom relabelto };
 allow $1_t $1_home_spamassassin_t:dir { relabelfrom relabelto };
diff -ru policy/macros/program/ssh_macros.te policy.new/macros/program/ssh_macros.te
--- policy/macros/program/ssh_macros.te	2004-10-15 14:57:20.000000000 +1000
+++ policy.new/macros/program/ssh_macros.te	2004-10-26 23:46:14.000000000 +1000
@@ -26,7 +26,7 @@
 ', `
 # Derived domain based on the calling user domain and the program.
 type $1_ssh_t, domain, privlog;
-type $1_home_ssh_t, file_type, homedirfile, sysadmfile;
+type $1_home_ssh_t, file_type, homedirfile, sysadmfile, $1_domain_file_type;
 
 ifdef(`automount.te', `
 allow $1_ssh_t autofs_t:dir { search getattr };
@@ -115,11 +115,6 @@
 r_dir_file({ sshd_t sshd_extern_t }, $1_home_ssh_t)
 rw_dir_create_file($1_t, $1_home_ssh_t)
 
-ifdef(`slocate.te', `
-allow $1_locate_t $1_home_ssh_t:dir { getattr search };
-allow $1_locate_t $1_home_ssh_t:file { getattr read };
-')
-
 # for /bin/sh used to execute xauth
 dontaudit $1_ssh_t proc_t:dir search;
 dontaudit $1_ssh_t proc_t:{ lnk_file file } { getattr read };
diff -ru policy/macros/program/tvtime_macros.te policy.new/macros/program/tvtime_macros.te
--- policy/macros/program/tvtime_macros.te	2004-10-06 04:52:36.000000000 +1000
+++ policy.new/macros/program/tvtime_macros.te	2004-10-26 23:15:16.000000000 +1000
@@ -19,7 +19,7 @@
 ifdef(`tvtime.te', `
 define(`tvtime_domain',`
 # Derived domain based on the calling user domain and the program.
-type $1_home_tvtime_t, file_type, homedirfile, sysadmfile;
+type $1_home_tvtime_t, file_type, homedirfile, sysadmfile, $1_domain_file_type;
 
 x_client_domain($1, tvtime)
 
diff -ru policy/macros/program/uml_macros.te policy.new/macros/program/uml_macros.te
--- policy/macros/program/uml_macros.te	2004-07-13 09:08:07.000000000 +1000
+++ policy.new/macros/program/uml_macros.te	2004-10-26 23:46:42.000000000 +1000
@@ -25,14 +25,9 @@
 ', `
 # Derived domain based on the calling user domain and the program.
 type $1_uml_t, domain;
-type $1_uml_exec_t, file_type, sysadmfile;
-type $1_uml_ro_t, file_type, sysadmfile;
-type $1_uml_rw_t, file_type, sysadmfile;
-
-ifdef(`slocate.te', `
-allow $1_locate_t { $1_uml_exec_t $1_uml_ro_t $1_uml_rw_t }:dir { getattr search };
-allow $1_locate_t { $1_uml_exec_t $1_uml_ro_t $1_uml_rw_t }:file { getattr read };
-')
+type $1_uml_exec_t, file_type, sysadmfile, $1_domain_file_type;
+type $1_uml_ro_t, file_type, sysadmfile, $1_domain_file_type;
+type $1_uml_rw_t, file_type, sysadmfile, $1_domain_file_type;
 
 can_ptrace($1_t, $1_uml_t)
 
diff -ru policy/macros/program/vmware_macros.te policy.new/macros/program/vmware_macros.te
--- policy/macros/program/vmware_macros.te	2004-09-25 01:42:14.000000000 +1000
+++ policy.new/macros/program/vmware_macros.te	2004-10-26 23:15:16.000000000 +1000
@@ -23,10 +23,10 @@
 role $1_r types $1_vmware_t;
 
 # The user file type is for files created when the user is running VMWare
-type $1_vmware_file_t, homedirfile, file_type, sysadmfile;
+type $1_vmware_file_t, homedirfile, file_type, sysadmfile, $1_domain_file_type;
 
 # The user file type for the VMWare configuration files
-type $1_vmware_conf_t, homedirfile, file_type, sysadmfile;
+type $1_vmware_conf_t, homedirfile, file_type, sysadmfile, $1_domain_file_type;
 
 # for compatibility with older policy versions
 typealias $1_vmware_t alias vmware_$1_t;
diff -ru policy/macros/program/x_client_macros.te policy.new/macros/program/x_client_macros.te
--- policy/macros/program/x_client_macros.te	2004-09-11 16:21:48.000000000 +1000
+++ policy.new/macros/program/x_client_macros.te	2004-10-26 23:46:20.000000000 +1000
@@ -30,9 +30,9 @@
 ', `
 type $1_$2_t, domain $3;
 # Type for files that are writeable by this domain.
-type $1_$2_rw_t, file_type, homedirfile, sysadmfile, tmpfile;
+type $1_$2_rw_t, file_type, homedirfile, sysadmfile, tmpfile, $1_domain_file_type;
 # Type for files that are read-only for this domain
-type $1_$2_ro_t, file_type, homedirfile, sysadmfile;
+type $1_$2_ro_t, file_type, homedirfile, sysadmfile, $1_domain_file_type;
 ')
 
 # Transition from the user domain to the derived domain.
@@ -81,11 +81,6 @@
 allow $1_t $1_$2_ro_t:fifo_file create_file_perms;
 allow $1_t $1_$2_ro_t:{ dir file lnk_file } { relabelto relabelfrom };
 
-ifdef(`slocate.te', `
-allow $1_locate_t { $1_$2_ro_t $1_$2_rw_t }:dir { getattr search };
-allow $1_locate_t { $1_$2_ro_t $1_$2_rw_t }:file { getattr read };
-')
-
 # Allow the user domain to send any signal to the $2 process.
 allow $1_t $1_$2_t:process signal_perms;
 
diff -ru policy/macros/program/xauth_macros.te policy.new/macros/program/xauth_macros.te
--- policy/macros/program/xauth_macros.te	2004-06-17 15:10:45.000000000 +1000
+++ policy.new/macros/program/xauth_macros.te	2004-10-26 23:46:26.000000000 +1000
@@ -24,11 +24,7 @@
 ', `
 # Derived domain based on the calling user domain and the program.
 type $1_xauth_t, domain;
-type $1_home_xauth_t, file_type, homedirfile, sysadmfile;
-
-ifdef(`slocate.te', `
-allow $1_locate_t $1_home_xauth_t:file { getattr read };
-')
+type $1_home_xauth_t, file_type, homedirfile, sysadmfile, $1_domain_file_type;
 
 allow $1_xauth_t self:process signal;
 
diff -ru policy/macros/user_macros.te policy.new/macros/user_macros.te
--- policy/macros/user_macros.te	2004-10-20 09:31:18.000000000 +1000
+++ policy.new/macros/user_macros.te	2004-10-27 00:20:47.000000000 +1000
@@ -23,16 +23,16 @@
 ')dnl end single_userdomain
 
 # Type for home directory.
-type $1_home_dir_t, file_type, sysadmfile, home_dir_type, home_type, user_home_dir_type;
-type $1_home_t, file_type, sysadmfile, home_type, user_home_type;
+type $1_home_dir_t, file_type, sysadmfile, home_dir_type, home_type, user_home_dir_type, $1_domain_file_type;
+type $1_home_t, file_type, sysadmfile, home_type, user_home_type, $1_domain_file_type;
 
-tmp_domain($1, `, user_tmpfile')
+tmp_domain($1, `, user_tmpfile, $1_domain_file_type')
 
 # Type and access for pty devices.
-can_create_pty($1, `, userpty_type, user_tty_type')
+can_create_pty($1, `, userpty_type, user_tty_type, $1_domain_file_type')
 
 #Type for tty devices.
-type $1_tty_device_t, file_type, sysadmfile, ttyfile, user_tty_type, dev_fs;
+type $1_tty_device_t, file_type, sysadmfile, ttyfile, user_tty_type, dev_fs, $1_domain_file_type;
  
 base_user_domain($1)
 
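
Review bot: the attribute is added to the pty types through can_create_pty and to $1_tty_device_t, which are device nodes rather than what the declaration comment calls "files created by this role". The locate rule in slocate_macros.te lists no chr_file class, so nothing changes for locate today, but any later rule written against $1_domain_file_type will pick these types up. Consider leaving ttys and ptys out of the attribute or widening the comment to match.
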
@@ -135,6 +135,9 @@
 # user_t/$1_t is an unprivileged users domain.
 type $1_t, domain, userdomain, unpriv_userdomain, web_client_domain, nscd_client_domain, privfd;
 
+# define an attribute for all files created by this role
+attribute $1_domain_file_type;
+
 # Grant read/search permissions to some of /proc.
 allow $1_t proc_t:dir r_dir_perms;
 allow $1_t proc_t:{ file lnk_file } r_file_perms;
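
Review bot: attribute $1_domain_file_type; is declared here at line 135 of the file, after the type statements in the hunk at line 23 that already use it, whereas admin_macros.te declares it at the top of admin_domain before the first use. Confirm the declaration is expanded before those type statements in the generated policy, or move it next to them.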
