From: "Karl MacMillan" <kmacmillan@tresys.com>
To: <gyurdiev@redhat.com>
Cc: <selinux@tycho.nsa.gov>, "'Daniel J Walsh'" <dwalsh@redhat.com>
Subject: RE: file contexts and modularity
Date: Wed, 29 Jun 2005 15:04:03 -0400 [thread overview]
Message-ID: <200506291904.j5TJ447f019254@gotham.columbia.tresys.com> (raw)
In-Reply-To: <1120070819.20484.40.camel@celtics.boston.redhat.com>
> -----Original Message-----
> From: Ivan Gyurdiev [mailto:gyurdiev@redhat.com]
> Sent: Wednesday, June 29, 2005 2:47 PM
> To: Karl MacMillan
> Cc: selinux@tycho.nsa.gov; 'Daniel J Walsh'
> Subject: RE: file contexts and modularity
>
> > Additionally, all of this is caused by using file
> > contexts for runtime labeling, which I have pointed out repeatedly is a
> > questionable security practice.
>
> You've done no such thing - you've pointed out that
> automated relabeling without timing control by the sysadmin
> is potentially dangerous. I don't see why that means that
> automated relabeling (as in..performed internally, and not by
> chcon) in general is a bad thing. I'm not sure what you mean by
> "runtime labeling".
>
If there was no expectation that the user home directories would not be
relabeled (e.g., via restorecon) as a normal part of running a system then there
would be no reason to generate the file contexts. The home directory would be
labeled upon creation.
As for the general concept of runtime labeling - I mean labeling other than at
initialization time (system installation, user addition, etc.). I have often
argued against runtime labeling - maybe not in this thread but other places. It
is often unsafe and leads towards discretionary access control.
I'm not certain this is possible in the real world, but I think it is the
correct goal.
> > More importantly, we have just decided to remove specific user information
> from
> > the policy and leaving it in the file contexts seems strange.
>
> The file contexts serves a different purpose.
> I agree with you in that I don't like having hundreds of files there,
> but at the same time I don't see an alternative.
Different purpose, but the file contexts are closely tied to the policy.
Karl
---
Karl MacMillan
Tresys Technology
http://www.tresys.com
(410) 290-1411 ext 134
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2005-06-29 19:05 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-06-23 3:00 file contexts and modularity Ivan Gyurdiev
2005-06-23 17:37 ` Karl MacMillan
2005-06-23 18:05 ` Ivan Gyurdiev
2005-06-23 18:21 ` Karl MacMillan
2005-06-23 18:25 ` Ivan Gyurdiev
2005-06-23 18:40 ` Karl MacMillan
2005-06-23 19:00 ` Ivan Gyurdiev
2005-06-23 19:39 ` Karl MacMillan
2005-06-23 20:28 ` Ivan Gyurdiev
2005-06-23 20:36 ` Ivan Gyurdiev
2005-06-24 12:08 ` Stephen Smalley
2005-06-24 15:43 ` Ivan Gyurdiev
2005-06-24 18:32 ` Stephen Smalley
2005-06-24 18:37 ` Ivan Gyurdiev
2005-06-24 12:21 ` Stephen Smalley
2005-06-24 14:30 ` Karl MacMillan
2005-06-24 16:05 ` Karl MacMillan
2005-06-24 18:05 ` Frank Mayer
2005-06-24 18:40 ` Stephen Smalley
2005-06-28 15:41 ` Karl MacMillan
2005-06-28 16:21 ` Stephen Smalley
2005-06-24 15:51 ` Casey Schaufler
2005-06-24 16:36 ` Karl MacMillan
2005-06-24 16:47 ` Casey Schaufler
2005-06-24 16:56 ` Karl MacMillan
2005-06-24 17:10 ` Casey Schaufler
2005-06-24 15:39 ` Karl MacMillan
2005-06-24 16:03 ` Ivan Gyurdiev
2005-06-24 16:28 ` Karl MacMillan
2005-06-24 17:56 ` Ivan Gyurdiev
2005-06-27 15:07 ` Karl MacMillan
2005-06-27 15:36 ` Ivan Gyurdiev
2005-06-27 17:25 ` Karl MacMillan
2005-06-27 17:56 ` Ivan Gyurdiev
2005-06-28 13:47 ` Karl MacMillan
2005-06-28 19:31 ` Ivan Gyurdiev
2005-06-29 17:28 ` Ivan Gyurdiev
2005-06-29 18:17 ` Karl MacMillan
2005-06-29 18:46 ` Ivan Gyurdiev
2005-06-29 18:53 ` Stephen Smalley
2005-06-29 19:04 ` Karl MacMillan
2005-06-29 19:24 ` Ivan Gyurdiev
2005-06-29 19:50 ` Stephen Smalley
2005-06-29 20:03 ` Ivan Gyurdiev
2005-06-29 20:09 ` Stephen Smalley
2005-06-29 20:22 ` Ivan Gyurdiev
2005-06-30 13:54 ` Stephen Smalley
2005-06-29 20:22 ` Janak Desai
2005-06-29 20:43 ` Ivan Gyurdiev
2005-06-30 13:53 ` Ivan Gyurdiev
2005-06-30 13:58 ` Stephen Smalley
2005-06-30 14:48 ` Karl MacMillan
2005-06-30 14:52 ` Stephen Smalley
2005-06-30 13:56 ` Stephen Smalley
2005-06-29 20:13 ` Janak Desai
2005-06-30 0:40 ` Luke Kenneth Casson Leighton
2005-06-29 19:04 ` Karl MacMillan [this message]
2005-06-29 19:20 ` Ivan Gyurdiev
2005-06-24 5:03 ` Ivan Gyurdiev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200506291904.j5TJ447f019254@gotham.columbia.tresys.com \
--to=kmacmillan@tresys.com \
--cc=dwalsh@redhat.com \
--cc=gyurdiev@redhat.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.