[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [refpolicy] pam_selinux(gdm-password:session): Security Context justin:staff_r:insmod_t:s0 Assigned



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/27/2011 12:40 PM, Guido Trentalancia wrote:
> On Tue, 2011-09-27 at 08:46 -0400, Stephen Smalley wrote:
>> On Fri, 2011-09-23 at 19:12 -0400, Eric Paris wrote:
>>> On Sat, 2011-09-24 at 00:38 +0200, Guido Trentalancia wrote:
>>>> Hello Eric.
>>>> 
>>>> On Fri, 2011-09-23 at 17:17 -0400, Eric Paris wrote:
>>>>> On Fri, 2011-09-23 at 23:12 +0200, Guido Trentalancia
>>>>> wrote:
>>>>> 
>>>>>> You seem to suggest that load_policy -i (and not the
>>>>>> kernel) should make sure that init has transitioned to
>>>>>> its designated context...
>>>>> 
>>>>> Can't speak for Justin's system.
>>>> 
>>>> That's for sure. But it seems to me that he already stated
>>>> that it just loaded plain refpolicy from git on a plain F15
>>>> system. Since we are on the list he might even confirm once
>>>> again...
>>>> 
>>>>> But that's not what I said.  I said it's /sbin/init's
>>>>> problem to make sure it did the right thing and to handle
>>>>> errors correctly if it failed.  If Justin has his box
>>>>> enforcing and can boot without loading a policy that's a
>>>>> bug and needs to be filed.
>>>> 
>>>> He has loaded the policy.
>>>> 
>>>> The point is that when init does not transition to init_t
>>>> nothing happens and the system keeps running with all
>>>> processes in kernel_t or insmod_t.
>>>> 
>>>> It surely use to happen with upstream components and policy
>>>> back at the beginning of this year (I did test that and
>>>> reported it to the refpolicy mailing list).
>>>> 
>>>> Apparently it also happens with Fedora 15 according to what
>>>> Justin reported on here when he started this thread...
>>>> 
>>>> Earlier on Daniel Walsh said Fedora and RHEL would crash in
>>>> such case (init has not transitioned properly to init_t).
>>> 
>>> Ahhh, different than I was talking sorry.  In upstream systemd
>>> git the code in question looks like so:
>>> 
>>> /* Transition to the new context */ r =
>>> label_get_create_label_from_exe(SYSTEMD_BINARY_PATH, &label); 
>>> if (r < 0 || label == NULL) { log_open(); log_error("Failed to
>>> compute init label, ignoring."); } else { r = setcon(label);
>>> 
>>> log_open(); if (r < 0) log_error("Failed to transition into
>>> init label '%s', ignoring.", label);
>>> 
>>> label_free(label); }
>>> 
>>> sds, what do you think, should we make these?  We do know the
>>> requisite enforce state in this function...
>> 
>> These should be fatal errors if enforcing.
> 
> Yes, I agree. Fatal errors and system halt.
> 
> This is especially true because the box might not be isolated from
> the outside world for network services might be up and running in
> wrong contexts.
> 
> Thanks.
> 
> Guido
> 
> 
> 
> -- This message was distributed to subscribers of the selinux
> mailing list. If you no longer wish to subscribe, send mail to
> majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux"
> without quotes as the message.


Please open a bugzilla, always better coming from outside of Red Hat
and CC eric and me.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk6CD0YACgkQrlYvE4MpobNF/ACg3qPSOhiTUj0JlUfhJVA9X5tY
O/gAn1U4EWHloCQXY3prySxS9HjtPoNb
=oC9z
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.


[Fedora Users]     [Fedora Legacy]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

Powered by Linux