From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B2744C433DB for ; Thu, 28 Jan 2021 14:01:17 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0BB6864DD6 for ; Thu, 28 Jan 2021 14:01:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229651AbhA1OBP (ORCPT ); Thu, 28 Jan 2021 09:01:15 -0500 Received: from smtp.sws.net.au ([46.4.88.250]:54790 "EHLO smtp.sws.net.au" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229596AbhA1OBP (ORCPT ); Thu, 28 Jan 2021 09:01:15 -0500 Received: from liv.coker.com.au (unknown [103.75.204.226]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: russell@coker.com.au) by smtp.sws.net.au (Postfix) with ESMTPSA id C38781739A; Fri, 29 Jan 2021 01:00:30 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=coker.com.au; s=2008; t=1611842431; bh=EjQTkd89MRnps+l9qL50o+IPu4gyAyEJuSgvZ0ivAHM=; l=1293; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Pj53ST5ebmm9DTSDcAlKVFqShyEP4AzaCE4ZscTRlw8cUauXa2Ghpj8doVCcW/JET gPDUMHyTgNZBu4QaCFMrcr6HPbD97/3pIt/1ryu8XWFY+i7AD73SH2K2grPklLPlGW 4NxpeKpoN0yHNuY34RHvuk5HxsLzx/zuu3+CpUdc= From: Russell Coker To: Dominick Grift Cc: selinux-refpolicy@vger.kernel.org Subject: Re: sddm issue and patch not for inclusion Date: Fri, 29 Jan 2021 01:00:26 +1100 Message-ID: <1944791.8TnJqL1ZiL@liv> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Precedence: bulk List-ID: X-Mailing-List: selinux-refpolicy@vger.kernel.org On Thursday, 28 January 2021 10:36:19 PM AEDT Dominick Grift wrote: > >> In Debian/Unstable (which will soon be frozen and become the next stable > >> release) the sddm X login program (the one that's generally recommended > >> and specifically known to generally work well with SE Linux) uses PAM to > >> start a session for the "greeter" (the program that asks for a password > >> before a new session is started). > >> > >> With the policy currently in Debian that means the sddm user matches > >> "__default__" and gets unconfined_u:unconfined_r:unconfined_t, not what > >> is desirable for a program that takes input from unauthenticated users. > >> > >> role xdm_r; > >> role xdm_r types xdm_t; > >> allow system_r xdm_r; > >> allow xdm_t xdm_tmpfs_t:file execmod; > > > > that looks like a bug or at least bad code That's a design decision. One could make a convincing argument that it's a good decision. > >> corecmd_bin_entry_type(xdm_t) > > Also wondering what or which bin_t file or files this applies to and if > it instead is not possible to give these a private type /usr/bin/sddm-greeter. Yes I can give it a private type, might be a good idea in any case. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/