[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: file_type_auto_trans is not sufficient

To: <ivg2@xxxxxxxxxxx>, "'Stephen Smalley'" <sds@xxxxxxxxxxxxx>
Subject: RE: file_type_auto_trans is not sufficient
From: "Karl MacMillan" <kmacmillan@xxxxxxxxxx>
Date: Tue, 31 May 2005 10:12:21 -0400
Cc: <SELinux@xxxxxxxxxxxxx>, <dwalsh@xxxxxxxxxx>
In-reply-to: <1117546555.13058.14.camel@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: owner-selinux@xxxxxxxxxxxxx
Thread-index: AcVl5oBXCw1PDMYgR8SC5UDn/xdLIAAAxqcw

> -----Original Message-----
> From: owner-selinux@xxxxxxxxxxxxx [mailto:owner-selinux@xxxxxxxxxxxxx] On
> Behalf Of Ivan Gyurdiev
> Sent: Tuesday, May 31, 2005 9:36 AM
> To: Stephen Smalley
> Cc: SELinux@xxxxxxxxxxxxx; dwalsh@xxxxxxxxxx
> Subject: Re: file_type_auto_trans is not sufficient
> 
> 
> > I'd advise against creating a composite interface like this, as it runs
> > into the same problems that we had with the original SELinux API (which
> > had extended forms of mkdir/creat/mknod/exec), i.e. use of glibc
> > functions that internally use these functions, as you note in a later
> > message.
> 
> I agree, that was a bad idea.
> 
> >   Instead, keep the setting and resetting of the fscreate
> > context as a separate operation, and then let the application continue
> > to use ordinary mkdir/create/mknod or glibc functions for the actual
> > creation.
> 
> Yes, but there's problems with that - in particular:
> 
> - is this thread-safe - see my later message
> 
> - is this a good idea - it pushes dynamic type changes into various
> programs, while otherwise it's all in the policy, and easier to analyze
> 
> - makes virtually everything depend on libselinux
> 
> - I'm replicating the same code pattern in lots of places...
> 
> - it puts linux-specific code into otherwise portable apps. I've
> surrounded it all by WITH_SELINUX, but it's still rather ugly -
> don't think upstream will like it.
> 

The other option, of course, is to change the applications to use/create many
more directories, each with a separate type to allow the file_type_auto_trans
rules to work. Your orbit example might mean that there is a /tmp/orbit
directory where all orbit files are created. This may not be any more feasible,
but I think it should at least be considered.

Karl

---
Karl MacMillan
Tresys Technology
http://www.tresys.com
(410) 290-1411 ext 134

> 
> 
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
> the words "unsubscribe selinux" without quotes as the message.



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

Follow-Ups:
- RE: file_type_auto_trans is not sufficient
  - From: Ivan Gyurdiev

References:
- Re: file_type_auto_trans is not sufficient
  - From: Ivan Gyurdiev

Prev by Date: Re: smaller memory footprint for 'strict' policy - helping gentoo as well
Next by Date: [ PATCH ]: evolution/thunderbird/gconf/orbit/other stuff - comments?
Previous by thread: Re: file_type_auto_trans is not sufficient
Next by thread: RE: file_type_auto_trans is not sufficient
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilot Consulting.