From: "Karl MacMillan" <kmacmillan@tresys.com>
To: <gyurdiev@redhat.com>
Cc: <selinux@tycho.nsa.gov>, "'Daniel J Walsh'" <dwalsh@redhat.com>
Subject: RE: file contexts and modularity
Date: Wed, 29 Jun 2005 14:17:26 -0400 [thread overview]
Message-ID: <200506291817.j5TIHQ7f013656@gotham.columbia.tresys.com> (raw)
In-Reply-To: <1120066109.20484.19.camel@celtics.boston.redhat.com>
> -----Original Message-----
> From: Ivan Gyurdiev [mailto:gyurdiev@redhat.com]
> Sent: Wednesday, June 29, 2005 1:28 PM
> To: Karl MacMillan
> Cc: selinux@tycho.nsa.gov; 'Daniel J Walsh'
> Subject: RE: file contexts and modularity
>
> The more I think about this, the more it seems to me that:
>
> 1) Expansions are important, and not to be considered a hack -
> they're our only way to create configurable locations,
> which we need, since users don't like to comply with our
> standard locations. Expansions don't necessarily relate to home
> directories, as I've pointed out.
>
I still don't agree with this - how do you know how to expand these if it is not
tied to a specific user? Additionally, all of this is caused by using file
contexts for runtime labeling, which I have pointed out repeatedly is a
questionable security practice.
> 2) We need a generic mechanism for installing
> such expansions, and checking those...
>
> 3) Performing expansion of template in matchpathcon seems
> fundamentally wrong to me. The expansion would be performed
> on every invocation, and that would be slow, and unnecessary -
> if it's already computed, why not use it?
>
Fundamentally wrong seems a little strong - this is just a space / time tradeoff
not a major architectural decision.
> 4) A context file for each user? Hmm...
> 500 users...500 files...concat those together?
> A large context file with all the users in it doesn't
> seem a whole lot better.
>
> [root@celtics files]# cat file_contexts|wc
> 2384 6045 102497
>
> [root@celtics files]# cat file_contexts.homedirs|grep root|wc
> 47 118 2755
>
> So... say we have a machine with 500 users.
> 500 * 47 = 23500 lines, or 10 times the size of the current
> file_contexts file, which takes forever to read (that's
> why install is so slow, right?)
>
> I don't think the current file_contexts approach scales too
> well with lots of users...
More importantly, we have just decided to remove specific user information from
the policy and leaving it in the file contexts seems strange.
Karl
---
Karl MacMillan
Tresys Technology
http://www.tresys.com
(410) 290-1411 ext 134
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2005-06-29 18:18 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-06-23 3:00 file contexts and modularity Ivan Gyurdiev
2005-06-23 17:37 ` Karl MacMillan
2005-06-23 18:05 ` Ivan Gyurdiev
2005-06-23 18:21 ` Karl MacMillan
2005-06-23 18:25 ` Ivan Gyurdiev
2005-06-23 18:40 ` Karl MacMillan
2005-06-23 19:00 ` Ivan Gyurdiev
2005-06-23 19:39 ` Karl MacMillan
2005-06-23 20:28 ` Ivan Gyurdiev
2005-06-23 20:36 ` Ivan Gyurdiev
2005-06-24 12:08 ` Stephen Smalley
2005-06-24 15:43 ` Ivan Gyurdiev
2005-06-24 18:32 ` Stephen Smalley
2005-06-24 18:37 ` Ivan Gyurdiev
2005-06-24 12:21 ` Stephen Smalley
2005-06-24 14:30 ` Karl MacMillan
2005-06-24 16:05 ` Karl MacMillan
2005-06-24 18:05 ` Frank Mayer
2005-06-24 18:40 ` Stephen Smalley
2005-06-28 15:41 ` Karl MacMillan
2005-06-28 16:21 ` Stephen Smalley
2005-06-24 15:51 ` Casey Schaufler
2005-06-24 16:36 ` Karl MacMillan
2005-06-24 16:47 ` Casey Schaufler
2005-06-24 16:56 ` Karl MacMillan
2005-06-24 17:10 ` Casey Schaufler
2005-06-24 15:39 ` Karl MacMillan
2005-06-24 16:03 ` Ivan Gyurdiev
2005-06-24 16:28 ` Karl MacMillan
2005-06-24 17:56 ` Ivan Gyurdiev
2005-06-27 15:07 ` Karl MacMillan
2005-06-27 15:36 ` Ivan Gyurdiev
2005-06-27 17:25 ` Karl MacMillan
2005-06-27 17:56 ` Ivan Gyurdiev
2005-06-28 13:47 ` Karl MacMillan
2005-06-28 19:31 ` Ivan Gyurdiev
2005-06-29 17:28 ` Ivan Gyurdiev
2005-06-29 18:17 ` Karl MacMillan [this message]
2005-06-29 18:46 ` Ivan Gyurdiev
2005-06-29 18:53 ` Stephen Smalley
2005-06-29 19:04 ` Karl MacMillan
2005-06-29 19:24 ` Ivan Gyurdiev
2005-06-29 19:50 ` Stephen Smalley
2005-06-29 20:03 ` Ivan Gyurdiev
2005-06-29 20:09 ` Stephen Smalley
2005-06-29 20:22 ` Ivan Gyurdiev
2005-06-30 13:54 ` Stephen Smalley
2005-06-29 20:22 ` Janak Desai
2005-06-29 20:43 ` Ivan Gyurdiev
2005-06-30 13:53 ` Ivan Gyurdiev
2005-06-30 13:58 ` Stephen Smalley
2005-06-30 14:48 ` Karl MacMillan
2005-06-30 14:52 ` Stephen Smalley
2005-06-30 13:56 ` Stephen Smalley
2005-06-29 20:13 ` Janak Desai
2005-06-30 0:40 ` Luke Kenneth Casson Leighton
2005-06-29 19:04 ` Karl MacMillan
2005-06-29 19:20 ` Ivan Gyurdiev
2005-06-24 5:03 ` Ivan Gyurdiev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200506291817.j5TIHQ7f013656@gotham.columbia.tresys.com \
--to=kmacmillan@tresys.com \
--cc=dwalsh@redhat.com \
--cc=gyurdiev@redhat.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.