<div>On 4/19/07, Daniel J Walsh <<a href="mailto:dwalsh@redhat.com">dwalsh@redhat.com</a>> wrote:<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> Al Pacifico wrote: > I (a greenhorn with selinux) am writing a policy for a daemon that > streams music files over my home network to a music player client (a > Slimdevices Squeezebox). My OS is FC5. > > The main daemon (/usr/sbin/slimserver) is a perl script that serves > the music files and is started with an init script. My questions have > to do with a secondary program (/usr/sbin/slimserver-scanner, also a > perl script) that scans the music on the server, reading mp3 tags and > such, and generates a database of stored music that is stored in a > MySQL database. /usr/sbin/slimserver-scanner is invoked by the > /usr/sbin/slimserver daemon and might be invoked by the user (although > I can't recall ever doing so in several years of owning a Squeezebox). > > I've been following the example posted by Dan Walsh in a blog at > <a href="http://danwalsh.livejournal.com/8707.html?thread=39171">http://danwalsh.livejournal.com/8707.html?thread=39171</a> which has been > extremely helpful. > > My (2) questions: > 1. What is the appropriate file context for the scanner program? > system_u:object_r:sbin_t? > system_u:object_r:slimserver_t? > system_u:object_r:slimserver_exec_t? > That depends on your security goals. If you want the slimserver-scanner to have the same privs as slimserver you would label it sbin_t and allow slimserver to corecmd_exec_sbin(). If you want to go with least privs, you would create a new policy for slimserver-scanner (slimserver_scanner_t with file context of slimserver_scanner_exec_t) and then add a rule to slimserver_t to domtrans slimserver_scanner_domtrans(slimserver_t)</blockquote><div> I'm a little confused about this. I want to limit privileges of slimserver and slimserver-scanner to accessing only certain files. If I label slimserver-scanner as 'sbin_t', when a user executes slimserver-scanner, won't he/she have more privileges than slimserver then? </div> <blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">> The generated slimserver.fc file contains: > # slimserver executable will have: > # label: system_u:object_r:slimserver_exec_t > # MLS sensitivity: s0 > # MCS categories: <none> > > /usr/sbin/slimserver -- > gen_context(system_u:object_r:slimserver_exec_t,s0) > /var/run/slimserver.pid > gen_context(system_u:object_r:slimserver_var_run_t,s0) > /var/log/slimserver > gen_context(system_u:object_r:slimserver_var_log_t,s0) > > and the slimserver.if file contains: > interface(`slimserver_domtrans',` > gen_require(` > type slimserver_t, slimserver_exec_t; > ') > > domain_auto_trans($1,slimserver_exec_t,slimserver_t) > > allow $1 slimserver_t:fd use; > allow slimserver_t $1:fd use; > allow slimserver_t $1:fifo_file rw_file_perms; > allow slimserver_t $1:process sigchld; > ') > > 2. There is no reason to add the scanner program be added to > slimserver.fc that was generated by policygentool, is there? Only if you are creating a context for slimserver_scanner_exec_t, otherwise just let it be labeled sbin_t. > The file itself just needs to be labeled appropriately, right? Or does > that file play some role in policy compilation in a step that I did > not explicitly executed when I invoked 'make -f > /usr/share/selinux/devel/Makefile'? > > Thanks in advance. > -al > -- > Al Pacifico > Seattle, WA > ------------------------------------------------------------------------ > > -- > fedora-selinux-list mailing list > <a href="mailto:fedora-selinux-list@redhat.com">fedora-selinux-list@redhat.com</a> > <a href="https://www.redhat.com/mailman/listinfo/fedora-selinux-list"> https://www.redhat.com/mailman/listinfo/fedora-selinux-list</a> </blockquote></div> -- Al Pacifico Seattle, WA