All of lore.kernel.org
 help / color / mirror / Atom feed
From: domg472@gmail.com (Dominick Grift)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] [ v3 PATCH 4/8] Git session daemon
Date: Tue, 30 Aug 2011 19:20:17 +0200	[thread overview]
Message-ID: <20110830172016.GC6861@localhost.localdomain> (raw)
In-Reply-To: <4E5CEAB8.2010802@tresys.com>

On Tue, Aug 30, 2011 at 09:50:48AM -0400, Christopher J. PeBenito wrote:
> On 08/26/11 11:30, Dominick Grift wrote:
> > On Fri, Aug 26, 2011 at 09:33:54AM -0400, Christopher J. PeBenito wrote:
> >> On 08/24/11 08:35, Dominick Grift wrote:
> >>> Wait! Theres more. Besides running Git daemon as a inetd service domain, unprivileged users can also
> >>> run Git daemon by executing /usr/libexec/git-core/git-daemon from a shell to allow it to
> >>> read and serve their Git personal repositories in ~/public_git. It in large parts does the same
> >>> as Git daemon run by inetd but there are some differences. Most notably is the network access
> >>> that the Git session daemon requires to listen on the Git port for service.
> >>>
> >>> The Git system daemon does not need this because inetd takes care of the network for it.
> >>> Another difference is that Git session daemon can only read and serve users Git personal
> >>> repositories, where Git system daemon can, if configured, read and serve both shared as well
> >>> as personal repositories. Since much of the policy is common to both session and
> >>> system, we declared a git_daemon attribute and assigned that to both the Git system and
> >>> session daemons. This allows use to write policy that both daemon have in common once.
> >>> Leaving the policy as compact as possible. So now we have two Git daemon domains, one
> >>> session domain started by unprivileged users and one system domain started by inetd.
> >>>
> >>> Fix: since we renamed gitd_t to git_system_t, add alias.
> >>> Change back gitd_use_nfs, gitd_use_cifs to git_system_use_nfs and git_system_use_cifs respectively
> >>
> >> Perhaps I missed something, but how did it make sense to separate out
> >> the content types from this patch?
> > 
> > The git_user_content_t has no relation to git session per se. 
> > 
> > in the git.fc file there is a context spec for HOME_DIR/\public_git(/.*)? ...
> > this means all login users will get content at ~/public_git labeled git_user_content_t, whether they call git_session_role_template or not.
> > So they need to be able to manage that. what if a user creates ~/pubic_git, and administrator runs filefiles relabel or restorecon -R -v /home? then ~/public_git will get relabeled to git_user_content_t and that user can no longer interact with it.
> > 
> > By splitting the git_user_content_t type from the git session t policy we make it more flexible.
> > 
> > administrator may want to allow git system domain to read and service ~/public_git even though the user owning it is not allowed to run git session in the git session domain.
> > 
> > in short git_user_content_t and git_session_t arent strictly related. I was hoping the descriptions accompanying the patches would make that clear
> 
> NAK.  See my other email about this.  To summarize, I think its overengineered
> to have the content w/o session.

Really? apache module has httpd_user_content_t with out a user session (yes you can run httpd_t as a session daemon)
Anyways, duly noted. I can do what you want.

> 
> >> I'm confused why its renaming things from previous patches.  Why not
> >> create it right in the first place?
> > 
> > I initially started with gitd_t rather than git_system_t because that made sense at that stage. There was no git_session_t yet at that point. Besides, what does it matter i created an alias to git_system_t in the patch that introduce git session t
> 
> So, in other words, these patches reflect how your development flow went.  In
> the future please try to clean up submissions, as these type of changes make it
> confusing for review.

I think i did right. I think that if i have the git daemon domain type git_system_t in my first patch my might have complained about that name. I anticipated that and called it gitd_t instead for that reason only.

Anyways, sure i can do what you want and call it git_system_t from the get go.

> >> git_session_role_template() isn't creating any types, so it should be
> >> renamed to git_session_role().  Or in light of the previous patches,
> >> git_role().
> > 
> > Ok that pretty minor and i can just submit a patch to apply that after the other applicable patches are submitted.
> 
> Thats fine.
> 
> -- 
> Chris PeBenito
> Tresys Technology, LLC
> www.tresys.com | oss.tresys.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20110830/83289e3d/attachment.bin 

  reply	other threads:[~2011-08-30 17:20 UTC|newest]

Thread overview: 32+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-08-24 12:35 [refpolicy] [ v3 PATCH 0/8] Git daemon domain Dominick Grift
2011-08-24 12:35 ` [refpolicy] [ v3 PATCH 1/8] Git inetd service domain and a primage Git shared repository type Dominick Grift
2011-08-24 12:35 ` [refpolicy] [ v3 PATCH 2/8] Git personal repositories Dominick Grift
2011-08-26 13:18   ` Christopher J. PeBenito
2011-08-26 13:30     ` Dominick Grift
2011-08-30 13:37       ` Christopher J. PeBenito
2011-08-30 17:31         ` Dominick Grift
2011-08-24 12:35 ` [refpolicy] [ v3 PATCH 3/8] Git shell users Dominick Grift
2011-08-25  9:07   ` Dominick Grift
2011-08-26 13:28     ` Christopher J. PeBenito
2011-08-26 15:36       ` Dominick Grift
2011-08-26 17:26       ` Dominick Grift
2011-08-24 12:35 ` [refpolicy] [ v3 PATCH 4/8] Git session daemon Dominick Grift
2011-08-26 13:33   ` Christopher J. PeBenito
2011-08-26 15:30     ` Dominick Grift
2011-08-30 13:50       ` Christopher J. PeBenito
2011-08-30 17:20         ` Dominick Grift [this message]
2011-08-31 14:36           ` Christopher J. PeBenito
2011-08-31 14:49             ` Dominick Grift
2011-08-31 15:14               ` Christopher J. PeBenito
2011-08-31 15:38                 ` Dominick Grift
2011-08-24 12:35 ` [refpolicy] [ v3 PATCH 5/8] Gitweb, cgit and the git_content attribute Dominick Grift
2011-08-26 13:35   ` Christopher J. PeBenito
2011-08-26 16:14     ` Dominick Grift
2011-08-30 13:23       ` Christopher J. PeBenito
2011-08-30 17:15         ` Dominick Grift
2011-08-31 14:48           ` Christopher J. PeBenito
2011-08-24 12:35 ` [refpolicy] [ v3 PATCH 6/8] Git shared repository separation and custom shared repository types Dominick Grift
2011-08-26 13:46   ` Christopher J. PeBenito
2011-08-26 15:46     ` Dominick Grift
2011-08-24 12:35 ` [refpolicy] [ v3 PATCH 7/8] Git session daemons binding TCP sockets to unreserved ports Dominick Grift
2011-08-24 12:35 ` [refpolicy] [ v3 PATCH 8/8] I am not sure about this but it might prove useful for NIS? Dominick Grift

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20110830172016.GC6861@localhost.localdomain \
    --to=domg472@gmail.com \
    --cc=refpolicy@oss.tresys.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.