* Re: role infrastructure
[not found] <1152106918.8907.28.camel@sgc>
@ 2006-07-11 13:37 ` Daniel J Walsh
2006-07-14 13:17 ` Christopher J. PeBenito
0 siblings, 1 reply; 3+ messages in thread
From: Daniel J Walsh @ 2006-07-11 13:37 UTC (permalink / raw)
To: Christopher J. PeBenito, SE Linux
Bringing this out for full discussion.
Christopher J. PeBenito wrote:
> Dan, can you give me a run down of:
>
> 1. how you want to be able to configure user roles
> 2. things that fc/rhel users request for user role customization
>
Good question I think this is more a brain storming exercise, which I
don't necessarily have the knowledge or
experience to answer.
What I have heard is for Sarbanes Oxley, groups want to be allowed to
have administrators that can get root privs in order to
configure certain facets of the system, but not full control.
So you could imagine a webadmin, nameserveradmin, dhcpadmin as
examples. Then I believe they would like to use
dominance in some way to group them. netadmin = { nameserveradmin
dhcpadmin }.
My idea is that we give these administrators full control over the types
defined for these domains, and allow them to use all of the
standard tools for configuring (vi, emacs, basically anything labeled
bin_t.)
To make this useful in a Targeted policy system, we might do something
to sudo to get a transition to happen.
So dwalsh can run a root shell but only in the webadm_r unconfined_t
would transition to webadm_r.
Thoughts?
Dan
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: role infrastructure
2006-07-11 13:37 ` role infrastructure Daniel J Walsh
@ 2006-07-14 13:17 ` Christopher J. PeBenito
2006-07-14 17:13 ` Daniel J Walsh
0 siblings, 1 reply; 3+ messages in thread
From: Christopher J. PeBenito @ 2006-07-14 13:17 UTC (permalink / raw)
To: Daniel J Walsh; +Cc: SE Linux
On Tue, 2006-07-11 at 09:37 -0400, Daniel J Walsh wrote:
> Bringing this out for full discussion.
>
> Christopher J. PeBenito wrote:
> > Dan, can you give me a run down of:
> >
> > 1. how you want to be able to configure user roles
> > 2. things that fc/rhel users request for user role customization
> >
> Good question I think this is more a brain storming exercise, which I
> don't necessarily have the knowledge or
> experience to answer.
>
> What I have heard is for Sarbanes Oxley, groups want to be allowed to
> have administrators that can get root privs in order to
> configure certain facets of the system, but not full control.
>
> So you could imagine a webadmin, nameserveradmin, dhcpadmin as
> examples. Then I believe they would like to use
> dominance in some way to group them. netadmin = { nameserveradmin
> dhcpadmin }.
>
> My idea is that we give these administrators full control over the types
> defined for these domains, and allow them to use all of the
> standard tools for configuring (vi, emacs, basically anything labeled
> bin_t.)
>
> To make this useful in a Targeted policy system, we might do something
> to sudo to get a transition to happen.
>
> So dwalsh can run a root shell but only in the webadm_r unconfined_t
> would transition to webadm_r.
So this looks like the main goal of these examples is finer-grained
admin users, which makes sense. What I'd like to do is go one step
farther and make it possible to compose the roles more easily, making it
possible to have unprivileged users that have less access than the
current user_t. If you look at the userdomain.if in the role-infra
branch, you can see that I started to break down the user domains into
logical blocks so they can be more easily composed. Note, the names on
these templates are just temporary, and will be changed in the future.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: role infrastructure
2006-07-14 13:17 ` Christopher J. PeBenito
@ 2006-07-14 17:13 ` Daniel J Walsh
0 siblings, 0 replies; 3+ messages in thread
From: Daniel J Walsh @ 2006-07-14 17:13 UTC (permalink / raw)
To: Christopher J. PeBenito; +Cc: SE Linux
Christopher J. PeBenito wrote:
> On Tue, 2006-07-11 at 09:37 -0400, Daniel J Walsh wrote:
>
>> Bringing this out for full discussion.
>>
>> Christopher J. PeBenito wrote:
>>
>>> Dan, can you give me a run down of:
>>>
>>> 1. how you want to be able to configure user roles
>>> 2. things that fc/rhel users request for user role customization
>>>
>>>
>> Good question I think this is more a brain storming exercise, which I
>> don't necessarily have the knowledge or
>> experience to answer.
>>
>> What I have heard is for Sarbanes Oxley, groups want to be allowed to
>> have administrators that can get root privs in order to
>> configure certain facets of the system, but not full control.
>>
>> So you could imagine a webadmin, nameserveradmin, dhcpadmin as
>> examples. Then I believe they would like to use
>> dominance in some way to group them. netadmin = { nameserveradmin
>> dhcpadmin }.
>>
>> My idea is that we give these administrators full control over the types
>> defined for these domains, and allow them to use all of the
>> standard tools for configuring (vi, emacs, basically anything labeled
>> bin_t.)
>>
>> To make this useful in a Targeted policy system, we might do something
>> to sudo to get a transition to happen.
>>
>> So dwalsh can run a root shell but only in the webadm_r unconfined_t
>> would transition to webadm_r.
>>
>
> So this looks like the main goal of these examples is finer-grained
> admin users, which makes sense.
exactly
> What I'd like to do is go one step
> farther and make it possible to compose the roles more easily, making it
> possible to have unprivileged users that have less access than the
> current user_t.
I agree.
I would like to get to the point where in targeted policy we could allow
people to turn on mozilla/thunderbird
policy via a boolean. So someone building a kiosk could run a locked
down version of thunderbird without requiring
the pain of strict policy. But I digress.
> If you look at the userdomain.if in the role-infra
> branch, you can see that I started to break down the user domains into
> logical blocks so they can be more easily composed. Note, the names on
> these templates are just temporary, and will be changed in the future.
>
>
Yes that is a step in the right direction.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2006-07-14 17:12 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <1152106918.8907.28.camel@sgc>
2006-07-11 13:37 ` role infrastructure Daniel J Walsh
2006-07-14 13:17 ` Christopher J. PeBenito
2006-07-14 17:13 ` Daniel J Walsh
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.