* connected_stream_socket_perms
@ 2019-01-10 10:51 Russell Coker
2019-01-11 1:23 ` connected_stream_socket_perms Chris PeBenito
0 siblings, 1 reply; 3+ messages in thread
From: Russell Coker @ 2019-01-10 10:51 UTC (permalink / raw)
To: selinux-refpolicy
define(`rw_socket_perms', `{ ioctl read getattr write setattr append bind
connect getopt setopt shutdown }')
define(`connected_socket_perms', `{ create ioctl read getattr write setattr
append bind getopt setopt shutdown }')
The difference between these 2 is that connected_socket_perms includes create
while rw_socket_perms has connect. Why doesn't rw_socket_perms have create?
Or if we are saying "rw_socket_perms only means reading and writing" then why
does it have connect?
Does this all make sense?
I expect that a lot of policy has been written based on using whichever of
those macros seems to match an audit2allow rule and vaguely match the concept
of what someone imagines the program in question is doing.
Would it make sense to have another macro defined to { ioctl read getattr write
setattr append bind getopt setopt shutdown } so that there can be a more
obvious progression of which macro is a superset of which other macro?
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: connected_stream_socket_perms
2019-01-10 10:51 connected_stream_socket_perms Russell Coker
@ 2019-01-11 1:23 ` Chris PeBenito
2019-01-11 3:22 ` connected_stream_socket_perms Russell Coker
0 siblings, 1 reply; 3+ messages in thread
From: Chris PeBenito @ 2019-01-11 1:23 UTC (permalink / raw)
To: Russell Coker, selinux-refpolicy
On 1/10/19 5:51 AM, Russell Coker wrote:
> define(`rw_socket_perms', `{ ioctl read getattr write setattr append bind
> connect getopt setopt shutdown }')
>
> define(`connected_socket_perms', `{ create ioctl read getattr write setattr
> append bind getopt setopt shutdown }')
>
> The difference between these 2 is that connected_socket_perms includes create
> while rw_socket_perms has connect. Why doesn't rw_socket_perms have create?
> Or if we are saying "rw_socket_perms only means reading and writing" then why
> does it have connect?
>
> Does this all make sense?
>
> I expect that a lot of policy has been written based on using whichever of
> those macros seems to match an audit2allow rule and vaguely match the concept
> of what someone imagines the program in question is doing.
>
> Would it make sense to have another macro defined to { ioctl read getattr write
> setattr append bind getopt setopt shutdown } so that there can be a more
> obvious progression of which macro is a superset of which other macro?
Those lines are ancient (2005). I'm open to reveisions. I'm definitely
eager for better clarity and consistency.
--
Chris PeBenito
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: connected_stream_socket_perms
2019-01-11 1:23 ` connected_stream_socket_perms Chris PeBenito
@ 2019-01-11 3:22 ` Russell Coker
0 siblings, 0 replies; 3+ messages in thread
From: Russell Coker @ 2019-01-11 3:22 UTC (permalink / raw)
To: Chris PeBenito, selinux-refpolicy
I don't even know where to start with this. What are the aims here? What access is reasonable and necessary?
The one assumption I think we can start from is that current policy is not a good guide to what is required. Probably all current policy is bad in this regard.
On 11 January 2019 12:23:21 pm AEDT, Chris PeBenito <pebenito@ieee.org> wrote:
>On 1/10/19 5:51 AM, Russell Coker wrote:
>> define(`rw_socket_perms', `{ ioctl read getattr write setattr append
>bind
>> connect getopt setopt shutdown }')
>>
>> define(`connected_socket_perms', `{ create ioctl read getattr write
>setattr
>> append bind getopt setopt shutdown }')
>>
>> The difference between these 2 is that connected_socket_perms
>includes create
>> while rw_socket_perms has connect. Why doesn't rw_socket_perms have
>create?
>> Or if we are saying "rw_socket_perms only means reading and writing"
>then why
>> does it have connect?
>>
>> Does this all make sense?
>>
>> I expect that a lot of policy has been written based on using
>whichever of
>> those macros seems to match an audit2allow rule and vaguely match the
>concept
>> of what someone imagines the program in question is doing.
>>
>> Would it make sense to have another macro defined to { ioctl read
>getattr write
>> setattr append bind getopt setopt shutdown } so that there can be a
>more
>> obvious progression of which macro is a superset of which other
>macro?
>
>Those lines are ancient (2005). I'm open to reveisions. I'm
>definitely
>eager for better clarity and consistency.
--
Sent from my Huawei Mate 9 with K-9 Mail.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-01-11 3:22 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-01-10 10:51 connected_stream_socket_perms Russell Coker
2019-01-11 1:23 ` connected_stream_socket_perms Chris PeBenito
2019-01-11 3:22 ` connected_stream_socket_perms Russell Coker
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).