Horde Application Suite and SELinux...

[Stephen Smalley]

On Tue, 2005-02-22 at 23:26 -0500, Kodungallur Varma wrote:
>        I have my fedora core 3 selinux machine setup. I wrote a policy
> to run the following process - spread daemon (Spread tool kit -
> www.spread.org).  its running great with the policy. what I want now
> is some API's/ system calls that I can use to change the security
> context of spread dynamically. in case I am not clear, I am trying to
> modify the spread source code so that spread while running, can change
> its security contexts dynamically. I downloaded libselinux.XXX rpm,
> but I could not get any functions that I can use to access the
> functionality. any help in this regard is greatly appreciated. thanx
> in advance..

Historically, SELinux has only support security context transitions via
execve; the application can explicitly request such a transition by
calling setexeccon(3) and then calling execve(), or the policy can
specify an automatic transition using the domain_auto_trans() macro
based on the calling domain and the type assigned to the program
executable.  Exec-based transitions are preferable because one can
control the inheritance of state and the initialization of the process
in the new security context, providing real isolation and protection
between the two security contexts.  More recently, a setcon(3) interface
was added to support dynamic context transitions as you describe for
privilege bracketing by applications that are trusted to maintain
separation between the two contexts, but this should only be used with
great care and only if an exec-based transition is truly infeasible.  As
setcon(3) was a very recent change, I'm not sure that it was even
included in FC3; you may need a more recent kernel and libselinux for
it.

-- 
Stephen Smalley <sds at tycho.nsa.gov>
National Security Agency