Re: mdadm policy
> Well that's no comfort at all, mdadm_t domain has the ability to access
> raw disks and send mail... That's worrying enough.
I don't see anything about sending mail, but perhaps
I'm not looking hard enough. You're talking about adding this
privilege?
> # RAID block device access
> allow mdadm_t fixed_disk_device_t:blk_file create_file_perms;
hmm..yes..
Well, in this case, mdadm_t is the trusted domain,
and you *want* to transition it to other domains upon execution
of something that you don't trust.
So yes, if you want to send mail, you would add
a transition like this:
domain_auto_trans(mdadm_t, sendmail_exec_t, sendmail_t (or whatever..))
What is this PROGRAM configurable option? Can you describe it in more
detail? I don't know anything about mdadm.
> I will tweak my policy to make it run sendmail in
> sendmail_t and nothing else. That's safer than mdadm_t.
Perhaps this is something that should be in default policy - it
sounds like a good threat model.
--
This message was distributed to subscribers of the selinux mailing list.