SELinux and third party installers

Stephen Smalley sds at epoch.ncsc.mil
Tue Jan 4 16:25:31 UTC 2005


On Tue, 2005-01-04 at 11:25, Mike Hearn wrote:
> OK, so what would Colin's proposed daemon actually do then? Is kernel-level
> context propagation enough and if so why does install have to be modified?
> 
> I'm a little confused now and feel I'm missing some key bit of
> understanding ...

I'm not in favor of the daemon idea.  "install" is akin to "rpm" in the
sense of installing a file, so it may make sense to initialize its
security context based on pathname at that time, because we have no real
runtime knowledge of its security properties and have presumably checked
its integrity in some manner prior to installation.  But for normal
day-to-day file copying, the kernel (or some daemon) has no way of
knowing whether:
a) the context of the original should be preserved (e.g. making a backup
copy of /etc/shadow),
b) the context of the target location should be used (e.g. copying a
file from /home to /var/www to export it via apache),
c) the context should factor in information about the copying process,
reflecting its own confidentiality or integrity properties.

Hence, any "automagic" technique based on pathname is not suitable.  

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
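
The three cases (a) to (c) from the message above, as an added Python sketch that is not part of the original post: it compares the label each copy is meant to carry with the label a pathname-only labeler would assign to the destination. The policy entries, type names, domains and copy operations are constructed for illustration, and modelling case (c) as a domain-based type transition is an assumption.

```python
import re

# Constructed stand-in for file_contexts: (regex, type), most specific first; names illustrative.
FILE_CONTEXTS = [
    (r"/etc/shadow", "shadow_t"),
    (r"/etc(/.*)?", "etc_t"),
    (r"/home/[^/]+(/.*)?", "user_home_t"),
    (r"/var/www(/.*)?", "httpd_sys_content_t"),
    (r"/backup(/.*)?", "backup_store_t"),
]
# Constructed (process domain, parent dir type) -> file type; both names are hypothetical.
TYPE_TRANSITIONS = {("classified_editor_t", "user_home_t"): "classified_file_t"}

def path_default(path):
    """Type a pathname-only labeler would pick for `path`."""
    for pattern, ctype in FILE_CONTEXTS:
        if re.fullmatch(pattern, path):
            return ctype
    return "default_t"

def label_after_copy(src_type, dst, intent, domain=None):
    """Type the copy should carry under choice (a), (b) or (c) from the message."""
    if intent == "preserve":            # (a) keep the original's context
        return src_type
    if intent == "target":              # (b) take the target location's context
        return path_default(dst)
    if intent == "process":             # (c) factor in the copying process
        parent = path_default(dst.rsplit("/", 1)[0])
        return TYPE_TRANSITIONS.get((domain, parent), parent)
    raise ValueError(intent)

# Constructed copies: (source type, destination, intent, copying process domain).
COPIES = [
    ("shadow_t", "/backup/shadow", "preserve", "sysadm_t"),
    ("user_home_t", "/var/www/report.html", "target", "user_t"),
    ("user_home_t", "/home/alice/notes.copy", "process", "classified_editor_t"),
]

def pathname_mislabels(copies):
    """Copies where labeling by destination pathname alone gives the wrong type."""
    checked = [(dst, label_after_copy(s, dst, i, d), path_default(dst))
               for s, dst, i, d in copies]
    return [row for row in checked if row[1] != row[2]]

if __name__ == "__main__":
    for dst, wanted, guessed in pathname_mislabels(COPIES):
        print(f"{dst}: intended {wanted}, pathname-only labeling gives {guessed}")
```

Only the copy into /var/www comes out right under pathname labeling; the intent behind the other two is not recoverable from the destination path.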




More information about the fedora-selinux-list mailing list