[redhat-lspp] exporting data, device allocator, etc

[Russell Coker]

The discussion on exporting data lost me a bit (maybe because of it
being 3:30AM my time) so I didn't comment during the call.

The examples given didn't seem to match the policy we use at all which
made things difficult.  The type iso9660_t is for files in iso9660 file
systems (not necessarily read-only media - there is nothing stopping you
from using the iso9660 file system on a hard disk).  The media itself
will be removable_device_t.  So if you want to audit writing to a CD/DVD
(assuming it's not a DVD-RAM which may work differently - I've never
used one) then you will be auditing writing to the removable_device_t
type of device node.

If I understood the basics of the discussion in question then the idea
is that you might use a tool such as cdrecord to write to the CD-ROM and
you want to audit the files that are written.  Writing to a CD-ROM by a
process in user_t or staff_t (the two non-administrative login domains
in the strict policy) is not permitted.  The user_cdrecord_t or
staff_cdrecord_t domains can be used to do this (and no other domain a
non-administrative user may access).

Therefore the issue we face is auditing the files read by the cdrecord
program.  Configuring the system to audit file reads by user_cdrecord_t
etc by the use of auditallow rules is easy enough.

The next issue is floppy disks, USB mass storage and other removable
media that might be auto-mounted.  Other discussion suggested that USB
mass storage would not be supported, but floppies have the same issues.
The issue is that the system assigns the type dosfs_t to all MS-DOS
based file systems by default and the Red Hat configuration is to use a
context mount to assign the type removable_t (with wide access permitted
in the strict policy).  Maybe the solution to this could involve
restricting write access to such devices to only a certain program (or
programs) that have audit support.  Then you might use fcp to copy files
to a floppy.