Helper program for a daemon

Al Pacifico adpacifico at users.sourceforge.net
Tue Apr 24 15:36:01 UTC 2007


On 4/19/07, Daniel J Walsh <dwalsh at redhat.com> wrote:
>
> Al Pacifico wrote:
> > I (a greenhorn with selinux) am writing a policy for a daemon that
> > streams music files over my home network to a music player client (a
> > Slimdevices Squeezebox). My OS is FC5.
> >
> > The main daemon (/usr/sbin/slimserver) is a perl script that serves
> > the music files and is started with an init script. My questions have
> > to do with a secondary program (/usr/sbin/slimserver-scanner, also a
> > perl script) that scans the music on the server, reading mp3 tags and
> > such, and generates a database of stored music that is stored in a
> > MySQL database. /usr/sbin/slimserver-scanner is invoked by the
> > /usr/sbin/slimserver daemon and might be invoked by the user (although
> > I can't recall ever doing so in several years of owning a Squeezebox).
> >
> > I've been following the example posted by Dan Walsh in a blog at
> > http://danwalsh.livejournal.com/8707.html?thread=39171 which has been
> > extremely helpful.
> >
> > My (2) questions:
> > 1. What is the appropriate file context for the scanner program?
> > system_u:object_r:sbin_t?
> > system_u:object_r:slimserver_t?
> > system_u:object_r:slimserver_exec_t?
> >
> That depends on your security goals.  If you want the slimserver-scanner
> to have the same privs as slimserver you would label it sbin_t and allow
> slimserver to corecmd_exec_sbin().  If you want to go with least privs,
> you would create a new policy for slimserver-scanner
> (slimserver_scanner_t with file context of slimserver_scanner_exec_t)
> and then add a rule to slimserver_t to domtrans
> slimserver_scanner_domtrans(slimserver_t)


I'm a little confused about this. I want to limit privileges of slimserver
and slimserver-scanner to accessing only certain files. If I label
slimserver-scanner as 'sbin_t', when a user executes slimserver-scanner,
won't he/she have more privileges than slimserver then?

> The generated slimserver.fc file contains:
> > # slimserver executable will have:
> > # label: system_u:object_r:slimserver_exec_t
> > # MLS sensitivity: s0
> > # MCS categories: <none>
> >
> > /usr/sbin/slimserver            --
> > gen_context(system_u:object_r:slimserver_exec_t,s0)
> > /var/run/slimserver.pid
> > gen_context(system_u:object_r:slimserver_var_run_t,s0)
> > /var/log/slimserver
> > gen_context(system_u:object_r:slimserver_var_log_t,s0)
> >
> > and the slimserver.if file contains:
> > interface(`slimserver_domtrans',`
> >         gen_require(`
> >                 type slimserver_t, slimserver_exec_t;
> >         ')
> >
> >         domain_auto_trans($1,slimserver_exec_t,slimserver_t)
> >
> >         allow $1 slimserver_t:fd use;
> >         allow slimserver_t $1:fd use;
> >         allow slimserver_t $1:fifo_file rw_file_perms;
> >         allow slimserver_t $1:process sigchld;
> > ')
> >
> > 2. There is no reason to add the scanner program be added to
> > slimserver.fc that was generated by policygentool, is there?
> Only if you are creating a context for slimserver_scanner_exec_t,
> otherwise just let it be labeled sbin_t.
> > The file itself just needs to be labeled appropriately, right? Or does
> > that file play some role in policy compilation in a step that I did
> > not explicitly executed when I invoked 'make -f
> > /usr/share/selinux/devel/Makefile'?
> >
> > Thanks in advance.
> > -al
> > --
> > Al Pacifico
> > Seattle, WA
> > ------------------------------------------------------------------------
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
>


-- 
Al Pacifico
Seattle, WA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20070424/4e25931f/attachment.htm>


More information about the fedora-selinux-list mailing list