Hi, I finally decided to invest some time into SELinux, having run it in permissive/useless mode for months now. While trying to come up with the right policy changes to make my system still work I stumbled upon a few things.
How to handle daemons that drop root? Is it ok to allow their domain setuid & setgid capabilities? Am I right that this does not give additional privilege, i.e. after root is dropped, the process can no longer do setuid even with the capability allowed?

I'd like to make root:sysadm_r:sysadm_t omnipotent. Can this be done in a few lines? Is it a hole? I find that I'd still have to go to permissive mode to get things done, which would be an even bigger hole.

Why do I get:

  Mar 22 09:43:23 hoss kernel: avc: denied { transition } for pid=766 exe=/usr/bin/runas path=/etc/init.d/privoxy dev=03:01 ino=10157 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:initrc_t tclass=process

when I have the following in /etc/selinux/policy.conf:

  allow sysadm_t initrc_t:process transition;

Is it because of the id/roles mismatch? How do I fix that?

Isn't the can_network definition too broad, including rawip_* stuff? Hardly any program should need that, no?

Must I really prefix everything in the file/net context definitions with "system_u:object_r:" -- can't this be the default?

Is there a macro to handle the dns goo (reading nsswitch, hosts, resolv.conf, connecting to a dns server, ...)?

TIA & Ta,
-- Robbe
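Added example, not part of the post above: a small parser for the AVC denial line quoted in the post that derives the type-enforcement rule it implies (the same shape audit2allow emits) and checks whether a given set of rules actually covers the denial. The "loaded rules" lists in the test are constructed; the AVC line is the one from the post.

```python
"""Parse a kernel AVC denial and derive the TE allow rule it implies."""
import re
from dataclasses import dataclass

# The denial quoted in the post (constructed copy for this example).
SAMPLE_AVC = ("avc: denied { transition } for pid=766 exe=/usr/bin/runas "
              "path=/etc/init.d/privoxy dev=03:01 ino=10157 "
              "scontext=root:sysadm_r:sysadm_t "
              "tcontext=system_u:object_r:initrc_t tclass=process")

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?"
                    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)"
                    r"\s+tclass=(?P<tclass>\S+)")
# One TE rule: "allow src tgt:class perm;" or "allow src tgt:class { p1 p2 };"
RULE_RE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+"
                     r"(?:\{\s*([^}]+?)\s*\}|(\w+))\s*;")

@dataclass
class Denial:
    perms: list
    scontext: tuple   # (user, role, type) of the acting process
    tcontext: tuple   # (user, role, type) of the target object
    tclass: str

def parse_avc(line):
    """Return a Denial for an 'avc: denied' record, or None if not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    scon = tuple(m.group("scon").split(":")[:3])
    tcon = tuple(m.group("tcon").split(":")[:3])
    return Denial(m.group("perms").split(), scon, tcon, m.group("tclass"))

def implied_rule(d):
    """The allow rule that would satisfy this denial. Type enforcement looks
    only at the type field of each context; the user and role parts are
    checked by separate mechanisms and are not what a TE denial reports."""
    perms = " ".join(d.perms)
    return f"allow {d.scontext[2]} {d.tcontext[2]}:{d.tclass} {{ {perms} }};"

def rule_covers(rule, d):
    """True if one TE allow rule grants every permission in the denial."""
    m = RULE_RE.match(rule.strip())
    if not m:
        return False
    stype, ttype, tclass, multi, single = m.groups()
    perms = set(multi.split()) if multi else {single}
    key = (d.scontext[2], d.tcontext[2], d.tclass)
    return (stype, ttype, tclass) == key and set(d.perms) <= perms

def covered_by(rules, d):
    """True if any rule in the (compiled, loaded) policy covers the denial."""
    return any(rule_covers(r, d) for r in rules)
```

If a denial persists although `covered_by` is true for the rule you wrote, the rule is in your source file but not in the policy the kernel is running, so recompiling and reloading is the next thing to verify.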