rob myers | 1 Aug 01:18 2007

Re: oracle policy

On Tue, 2007-07-31 at 16:41 -0400, rob myers wrote: 
> On Tue, 2007-07-03 at 13:34 -0400, Daniel J Walsh wrote: 
> > rob myers wrote:
> > >
> > > i'm not sure what you mean by breaking the helper apps and writing
> > > policy for their specific tasks.  could you refer me to an example or
> > > explain a bit more?
> > >   
> > If you look at postfix, you will see a good example.  The idea of least 
> > privs is to give an app the least privs it needs to do a job.
> > 
> > As an example, if your oracle app needed r/w access to the disk in order 
> > to format it in a particular way, and the way it did this was to exec
> > /usr/bin/oracle_disk_format, you could give oracle_t 
> > fixed_disk_device_t:blk_file manage_blk_device_t; or you could generate 
> > a policy for oracle_disk_format_t
> > and only give the helper app that permission.   Oracle would only be 
> > able to format the disk through the execing of the helper app.
> 
> ok, that makes sense.  the attached policy is a rewrite that attempts to
> implement this suggestion.  feedback is always appreciated.

this patch might help, too.

--- oracle.te.orig	2007-07-31 19:12:11.000000000 -0400
+++ oracle.te	2007-07-31 19:12:46.000000000 -0400
 <at>  <at>  -48,9 +48,10  <at>  <at>  allow oracle_db_t oracle_dbfile_t:file {
 allow oracle_db_t oracle_dbfile_t:dir { create_dir_perms };

 # Automatically transition to the correct domain
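Review bot: the context line `allow oracle_db_t oracle_dbfile_t:dir { create_dir_perms };` wraps a single refpolicy permission-set macro in braces; the braces are redundant, and the usual form is `allow oracle_db_t oracle_dbfile_t:dir create_dir_perms;`. The line this hunk adds (the header announces +48,10 against -48,9) is not visible in this excerpt, so the domain transition rule announced by the "Automatically transition to the correct domain" comment cannot be checked from what is shown here.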
(Continue reading)

shahbaz khan | 1 Aug 02:12 2007

selinux rsbac and grsecurity internals

I would like to ask the experts a few questions regarding some
implementations. I am working on a survey on selinux, rsbac and
grsecurity. I got some answers from mailing lists but need more. References will
be appreciated. The questions are the following:

1. What is a security-aware application? What functionality can it
provide? Has this functionality been provided in the other competitors?

2. Where are sids implemented? I have heard that they are history now.
How are they opaque to object managers?

3. What difference has PMS brought to selinux? Do we have such a thing in
other implementations?

4. How is PMS implemented? Any technical documents? Is it a secure
application using the extended API?

5. How and where is AVC implemented?

6. Is there any good logging facility apart from regular denials? I have
heard rsbac and grsecurity have better logging facilities.

7. SELinux uses syscall interception. Is it through LSM? How do
rsbac and grsecurity manage this?

8. Off topic, but how does grsecurity implement acls and rbac? Is
rbac used through the acls or a separate module?

9. How can we best judge the network controls of rsbac and grsecurity
w.r.t. implementation, usability and functionality?
(Continue reading)

Ken YANG | 1 Aug 03:59 2007

Re: [PATCH RFC] soundserver policy modification

Ken YANG wrote:
> hi all,
> 
> i add some policy for nas (network audio system);
> the motivation for this modification is:
> 
> http://marc.info/?l=fedora-selinux-list&m=118493958413746&w=2
> 
> i posted the modification to fedora-selinux-list
> last Saturday. Considering that the fedora rawhide
> policy now is a merged version (strict and targeted),
> which is somewhat different from the upstream policy,
> i posted to that list:
> 
> http://marc.info/?l=fedora-selinux-list&m=118561164825982&w=2
> 
> but there wasn't any reply about this patch until now,
> so i think i posted to the wrong place; i then "diff"ed against
> the upstream policy (2377).
> 
> please review this patch.

sorry, in the last patch i forgot to add some targeted_policy
rules, which had been removed from the merged-version
policy (selinux-policy>3.0)

additionally, the new patch is based on the 2383 version

> 
> 
(Continue reading)

KaiGai Kohei | 1 Aug 11:44 2007

Re: Guideline for RPM packages

Paul Howarth wrote:
> On Wed, 01 Aug 2007 10:19:32 +0900
> KaiGai Kohei <kaigai@...> wrote:
> 
>> KaiGai Kohei wrote:
>>> Paul Howarth wrote:
>>>> KaiGai Kohei wrote:
>>>>>>>> If I remember correctly, someone posted a guideline to make
>>>>>>>> a RPM package which contains binary security policy, several
>>>>>>>> weeks ago.
>>>>>>>>
>>>>>>>> If you know the URL, would you tell me the location?
>>>>>>> There is a draft guide at:
>>>>>>> http://fedoraproject.org/wiki/PackagingDrafts/SELinux/PolicyModules
>>>>>> Thanks, so much!
>>>>> I have a comment for the Policy Module Packaging Guideline.
>>>>>
>>>>> The document says every *.pp file should be installed for any
>>>>> sort of policy (targeted, strict, mls) in the %post section.
>>>>> However, it can cause a problem when some of the policies are not
>>>>> installed yet.
>>>>>
>>>>> When we try to install an application including a policy package on
>>>>> a system which has only the targeted policy, installation of the *.pp
>>>>> files for strict/mls will fail, needless to say.
>>>>> If we want to install selinux-policy-strict or -mls later, the
>>>>> orphan *.pp files are not linked automatically because
>>>>> "/usr/bin/semodule -i" is not invoked. It will cause a simple
>>>>> problem, but one that is a bit difficult to find out.
>>>>>
(Continue reading)

Steve G | 1 Aug 14:10 2007

Re: selinux rsbac and grsecurity internals


>6.Is there any good logging facility apart from regular denial? I have
>heard rsbac and grsecurity has better logging facilities.

Yes, there is a complete audit system unrelated to selinux that has been in the
upstream kernel since 2.6.6. It's been through 7 CAPP evals and 2 LSPP evals. The
linux-audit mailing list might be a better place to ask questions about it, though.

-Steve Grubb


KaiGai Kohei | 1 Aug 14:17 2007

Fedora/SE-PostgreSQL

Hi,

A week ago, I submitted a review request for SE-PostgreSQL to
the Fedora project as follows:
  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=249522

The biggest issue is the lack of definitions of new object classes
and access vectors related to databases.
The rest of the policy can be installed as a binary security policy module
packed within the RPM package, but these definitions and the MLS/MCS rules
cannot be put in a module.

The attached patch adds these definitions to the base policy.

I remember Chris said the following in the past.
> Is the code on a path to being merged upstream?  I'm hesitant to apply
> class changes until the code is on a plan to be merged.

However, I would like you to consider it again.
I believe that the spread of secure applications like SE-PostgreSQL
can help promote SELinux further, and it is well worth making them
less complicated to maintain.

In addition, the next release of PostgreSQL with new features (8.4) is
planned for autumn 2008. It means that any SE-PostgreSQL users have to
replace the default selinux-policy package with the modified one for a year
or more, at least. I think that is senseless work.

It may be time for the definitions of object classes related to databases to be
integrated into the base security policy.
(Continue reading)

Stephen Smalley | 1 Aug 14:29 2007

Re: Problem with semanage, looks like we don't handle the <<none>> context type?

On Tue, 2007-07-31 at 16:57 -0400, Daniel J Walsh wrote:
> Joshua Brindle wrote:
> > Daniel J Walsh wrote:
> >> cat /tmp/test.py
> >> #!/usr/bin/python
> >> from semanage import *
> >> sh = semanage_handle_create()
> >> rc, con = semanage_context_from_string(sh, "<<none>>")
> >> rc,fcontext = semanage_fcontext_create(sh)
> >> semanage_fcontext_set_con(sh, fcontext, con)
> >>
> >>
> >> # python /tmp/test.py
> >> Segmentation fault
> >
> > Granted the segfault needs to be fixed but what exactly are you trying 
> > to accomplish? <<none>> is not a type, it's just something matchpathcon 
> > uses to short circuit its labeling behavior.
> >
> I have a request from someone who wants to set up a directory that 
> shortcuts the labeling behaviour.  I.e. wants restorecon and friends to do 
> nothing in the directory.

libsemanage maps a NULL context to <<none>>.

--

-- 
Stephen Smalley
National Security Agency

(Continue reading)

Stephen Smalley | 1 Aug 15:02 2007

Re: Problem with semanage, looks like we don't handle the <<none>> context type?

On Wed, 2007-08-01 at 08:29 -0400, Stephen Smalley wrote:
> On Tue, 2007-07-31 at 16:57 -0400, Daniel J Walsh wrote:
> > Joshua Brindle wrote:
> > > Daniel J Walsh wrote:
> > >> cat /tmp/test.py
> > >> #!/usr/bin/python
> > >> from semanage import *
> > >> sh = semanage_handle_create()
> > >> rc, con = semanage_context_from_string(sh, "<<none>>")
> > >> rc,fcontext = semanage_fcontext_create(sh)
> > >> semanage_fcontext_set_con(sh, fcontext, con)
> > >>
> > >>
> > >> # python /tmp/test.py
> > >> Segmentation fault
> > >
> > > Granted the segfault needs to be fixed but what exactly are you trying 
> > > to accomplish? <<none>> is not a type, it's just something matchpathcon 
> > > uses to short circuit its labeling behavior.
> > >
> > I have a request from someone who wants to set up a directory that 
> > shortcuts the labeling behaviour.  I.e. wants restorecon and friends to do 
> > nothing in the directory.
> 
> libsemanage maps a NULL context to <<none>>.

Also, you never did a semanage_context_create() in the above.

--

-- 
Stephen Smalley
(Continue reading)

Daniel J Walsh | 1 Aug 15:00 2007

Re: Problem with semanage, looks like we don't handle the <<none>> context type?

Stephen Smalley wrote:
> On Tue, 2007-07-31 at 16:57 -0400, Daniel J Walsh wrote:
>   
>> Joshua Brindle wrote:
>>     
>>> Daniel J Walsh wrote:
>>>       
>>>> cat /tmp/test.py
>>>> #!/usr/bin/python
>>>> from semanage import *
>>>> sh = semanage_handle_create()
>>>> rc, con = semanage_context_from_string(sh, "<<none>>")
>>>> rc,fcontext = semanage_fcontext_create(sh)
>>>> semanage_fcontext_set_con(sh, fcontext, con)
>>>>
>>>>
>>>> # python /tmp/test.py
>>>> Segmentation fault
>>>>         
>>> Granted the segfault needs to be fixed but what exactly are you trying 
>>> to accomplish? <<none>> is not a type, it's just something matchpathcon 
>>> uses to short circuit its labeling behavior.
>>>
>>>       
>> I have a request from someone who wants to set up a directory that 
>> shortcuts the labeling behaviour.  I.e. wants restorecon and friends to do 
>> nothing in the directory.
>>     
>
> libsemanage maps a NULL context to <<none>>.
(Continue reading)

Stephen Smalley | 1 Aug 15:46 2007

Re: Problem with semanage, looks like we don't handle the <<none>> context type?

On Wed, 2007-08-01 at 09:02 -0400, Stephen Smalley wrote:
> On Wed, 2007-08-01 at 08:29 -0400, Stephen Smalley wrote:
> > On Tue, 2007-07-31 at 16:57 -0400, Daniel J Walsh wrote:
> > > Joshua Brindle wrote:
> > > > Daniel J Walsh wrote:
> > > >> cat /tmp/test.py
> > > >> #!/usr/bin/python
> > > >> from semanage import *
> > > >> sh = semanage_handle_create()
> > > >> rc, con = semanage_context_from_string(sh, "<<none>>")
> > > >> rc,fcontext = semanage_fcontext_create(sh)
> > > >> semanage_fcontext_set_con(sh, fcontext, con)
> > > >>
> > > >>
> > > >> # python /tmp/test.py
> > > >> Segmentation fault
> > > >
> > > > Granted the segfault needs to be fixed but what exactly are you trying 
> > > > to accomplish? <<none>> is not a type, it's just something matchpathcon 
> > > > uses to short circuit its labeling behavior.
> > > >
> > > I have a request from someone who wants to set up a directory that 
> > > shortcuts the labeling behaviour.  I.e. wants restorecon and friends to do 
> > > nothing in the directory.
> > 
> > libsemanage maps a NULL context to <<none>>.
> 
> Also, you never did a semanage_context_create() in the above.

Ah, never mind - not necessary.
(Continue reading)


Gmane