From: Dominick Grift <dominick.grift@defensec.nl>
To: Stephen Smalley <stephen.smalley.work@gmail.com>
Cc: SElinux list <selinux@vger.kernel.org>
Subject: Re: [SELinux-notebook PATCH v8] objects.md: some clarifications
Date: Fri, 24 Jul 2020 14:29:08 +0200 [thread overview]
Message-ID: <ba69dd5b-8a01-5850-9375-2c99a92fe994@defensec.nl> (raw)
In-Reply-To: <CAEjxPJ7KuNR3T60-4XrsjAL-Po1a0MUuaBh_f_iTEuEVTFw+qw@mail.gmail.com>
On 7/24/20 2:23 PM, Stephen Smalley wrote:
> On Fri, Jul 24, 2020 at 3:54 AM Dominick Grift
> <dominick.grift@defensec.nl> wrote:
>>
>>
>>
>> On 7/23/20 3:24 PM, Stephen Smalley wrote:
>> > There is a tension there with fail-closed versus fail-open and the
>>> potential for a security vulnerability to arise if it proceeds. Would
>>> have to look at the specifics to evaluate how it should be handled.
>>> Of course, in practice, one really shouldn't be removing contexts
>>> while they are still in use (or else use aliases to preserve some
>>> degree of compatibility).
>>>
>>
>> I guess if there is tension be between GNU/Linux use of libselinux and
>> SEAndroids use of libselinux, where SE for Android is implemented by the
>> vendor to be immutable by the device owner, and where GNU/Linux
>> leverages SELinux to empower device owners, then any tension can be
>> alleviated if Google forks libselinux. In GNU/Linux it should just be
>> possible to switch policies.
>
> I wasn't talking about Android, just about the tension of
> fail-closed/secure versus fail-open/insecure in general.
> I don't have any problem with someone installing a new policy that
> completely changes the set of file contexts; I just don't think they
> should do that at runtime without a reboot in between and expect
> things to work seamlessly.
>
Yes but that is not what I am saying. It does not work even when you
reboot. I tried to explain that:
You install a new policy and run fixfiles -F onboot && reboot (as one
should)
systemd will fail to compute create socket activated sockets. and so
these socket activated daemon fail to start.
One of the daemons is device-mapper, and so if you use LVM type stuff
you may end up with with a system that is only partially relabeled.
Not to mention that in the relabel target various other services that
are socket activated fail to start, and so who know how else that may
affect things.
There is also this (however this might no longer be accurate):
systemd computes whether it can dynamically transition on boot. If the
systemd executable file has an invalid label and this computation fails
then systemd might just freeze in the first place.
next prev parent reply other threads:[~2020-07-24 12:29 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-10 7:09 [SELinux-notebook PATCH] onjects.md: some clarifications Dominick Grift
2020-07-10 7:14 ` [SELinux-notebook PATCH v2] objects.md: " Dominick Grift
2020-07-13 10:45 ` Richard Haines
2020-07-15 2:15 ` Paul Moore
2020-07-15 7:56 ` Dominick Grift
2020-07-16 11:18 ` [SELinux-notebook PATCH v3] " Dominick Grift
2020-07-16 12:17 ` [SELinux-notebook PATCH v4] " Dominick Grift
2020-07-17 1:36 ` Paul Moore
2020-07-17 6:41 ` Dominick Grift
2020-07-18 6:40 ` [SELinux-notebook PATCH v5] " Dominick Grift
2020-07-19 9:44 ` [SELinux-notebook PATCH v6] " Dominick Grift
2020-07-21 17:44 ` Stephen Smalley
2020-07-21 19:51 ` [SELinux-notebook PATCH v7] " Dominick Grift
2020-07-21 20:02 ` [SELinux-notebook PATCH v8] " Dominick Grift
2020-07-21 20:14 ` Dominick Grift
2020-07-22 16:48 ` Stephen Smalley
2020-07-22 16:57 ` Dominick Grift
2020-07-22 17:32 ` Stephen Smalley
2020-07-23 8:13 ` Dominick Grift
2020-07-23 12:22 ` Stephen Smalley
2020-07-23 13:04 ` Dominick Grift
2020-07-23 13:24 ` Stephen Smalley
2020-07-23 13:37 ` Dominick Grift
2020-07-24 7:54 ` Dominick Grift
2020-07-24 12:23 ` Stephen Smalley
2020-07-24 12:29 ` Dominick Grift [this message]
2020-07-24 12:56 ` Stephen Smalley
2020-07-24 13:06 ` Dominick Grift
2020-07-24 13:26 ` Stephen Smalley
2020-07-24 13:30 ` Dominick Grift
2020-07-22 17:29 ` Dominick Grift
2020-07-22 15:11 ` Stephen Smalley
2020-07-23 7:50 ` [SELinux-notebook PATCH v9] " Dominick Grift
2020-07-23 12:00 ` Stephen Smalley
2020-07-27 13:43 ` Stephen Smalley
2020-07-28 2:17 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ba69dd5b-8a01-5850-9375-2c99a92fe994@defensec.nl \
--to=dominick.grift@defensec.nl \
--cc=selinux@vger.kernel.org \
--cc=stephen.smalley.work@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).