Is there a SELinux tutorial for ISVs?

Daniel J Walsh dwalsh at redhat.com
Mon May 9 17:19:58 UTC 2005


Mike Hearn wrote:

>On Mon, 2005-05-09 at 11:32 -0400, Daniel J Walsh wrote:
>
>>The goal is to not change the fundamental securitylevel on
>>policy/kernel updates [ ... ] Any new booleans need to default to
>>true.
>
>Hmm, so if I understand correctly then it's actually very possible that
>updates/new distro versions will be shipped that deny things that were
>previously allowed by default, as long as there is a boolean to switch
>them off?
>
>That sounds like by default every time you upgrade, programs might
>break. There must be a better way to deal with this.
>
>>This is what booleans are for.
>
>Booleans are just an implementation mechanism, what is needed is some
>simple (end-user understandable) means for ISVs to communicate what
>permissions their software needs - possibly for old versions of their
>software that don't work with new policy.
>
No.  If you update policy or kernel or any other component of SELinux,
things should work as they did before.  Anything that breaks is a bug.

>Usability-wise it's not OK to put:
>
>"This software requires that the SELinux 'foo', 'bar', 'xyz' booleans be
>set to false".
>
We attempt to set a reasonable relaxedness around the policy.  So most
booleans are set to allow users full access.

Advanced users may want to turn up the security.  So if a user wants to
be able to turn off apache's ability to run cgi scripts, they can set
httpd_enable_cgi=0.  The default will be to allow cgi scripts.

>This is asking too much of the user, especially as there should ideally
>be some easy way to apply more relaxed policy to an individual program
>if it can't cope with the system defaults. Booleans for individual
>programs is just too complicated.
>
Agreed, that is why we ship with a relaxed policy where reasonable.

>I suggested a level system because (I think) it's reasonable to expect
>end users to deal with statements like "This program cannot run with
>security level 3 or higher". Whereas it's not reasonable to expect
>people to be able to adjust things at a finer level of detail than that.
>
>thanks -mike
>


-- 





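The boolean mechanism Dan describes above (getsebool/setsebool, with httpd_enable_cgi as his example), as an added example that is not part of the original thread: a small POSIX shell script that compares the booleans an ISV documents as required with the current policy state and prints the one persistent `setsebool -P` line an administrator would need. The sample `getsebool -a` output is constructed, and the function names and the `name=state` requirement format are assumptions made for this example; `getsebool`/`setsebool` themselves are the real tools. Booleans that are absent from the loaded policy are reported separately rather than silently skipped, since a policy update can add or drop booleans, which is exactly the upgrade concern raised in the thread.

```shell
#!/bin/sh
# Added example, not code from the original thread. Compares the SELinux
# booleans an ISV documents as required with the current policy state and
# prints the single `setsebool -P` line needed to reconcile them.
# Function names and the "name=state" requirement format are assumptions.

# Constructed sample of `getsebool -a` output (not captured from a real
# host). On a real system run:  BOOLEANS="$(getsebool -a)" sh this_script.sh
SAMPLE_BOOLEANS='httpd_enable_cgi --> on
httpd_can_network_connect --> off
httpd_enable_homedirs --> off'

# current_booleans: one "name --> state" line per boolean.
current_booleans() {
    printf '%s\n' "${BOOLEANS:-$SAMPLE_BOOLEANS}"
}

# normalize STATE: map the spellings setsebool accepts (1/0, true/false,
# on/off) onto on/off so "httpd_enable_cgi=0" compares correctly.
normalize() {
    case "$1" in
        1|true|on)   echo on ;;
        0|false|off) echo off ;;
        *)           echo invalid ;;
    esac
}

# current_state NAME: print on/off, or "unknown" when the boolean is not in
# the loaded policy (booleans come and go across policy versions).
current_state() {
    current_booleans | awk -v n="$1" '
        $1 == n { print $3; found = 1 }
        END     { if (!found) print "unknown" }'
}

# booleans_needing_change "name=on name=0 ...": print only the requirements
# whose desired state differs from the current one, one "name=on|off" per
# line; booleans absent from the policy are printed as "missing:name" and
# unparsable states as "invalid:name=state".
booleans_needing_change() {
    for req in $1; do
        name=${req%%=*}
        want=$(normalize "${req#*=}")
        have=$(current_state "$name")
        if [ "$have" = unknown ]; then
            printf 'missing:%s\n' "$name"
        elif [ "$want" = invalid ]; then
            printf 'invalid:%s\n' "$req"
        elif [ "$have" != "$want" ]; then
            printf '%s=%s\n' "$name" "$want"
        fi
    done
}

# setsebool_command "name=on ...": the one persistent setsebool line an
# administrator would run, or nothing when the policy already matches.
setsebool_command() {
    changes=$(booleans_needing_change "$1" \
        | grep -Ev '^(missing|invalid):' | tr '\n' ' ')
    changes=${changes% }
    if [ -n "$changes" ]; then
        printf 'setsebool -P %s\n' "$changes"
    fi
}

# Example run against the constructed sample: Dan's httpd_enable_cgi=0
# reverses the default; the second requirement is already satisfied and
# the third boolean does not exist in this policy.
setsebool_command 'httpd_enable_cgi=0 httpd_can_network_connect=off no_such_boolean=on'
booleans_needing_change 'httpd_enable_cgi=0 httpd_can_network_connect=off no_such_boolean=on'
```

Run as-is it works against the constructed sample; with `BOOLEANS="$(getsebool -a)"` in the environment it reads the live policy instead. The script only prints the command; applying it with `setsebool -P` is left to the administrator, which matches Dan's point that the default policy is meant to work and tightening is an explicit, per-site decision.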
More information about the fedora-selinux-list mailing list