public inbox for gentoo-commits@lists.gentoo.org
From: "Sven Vermeulen" <swift@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/system/, policy/modules/kernel/
Date: Fri, 28 Nov 2014 10:44:45 +0000 (UTC)
Message-ID: <1417171409.7c41301a215662b550962c3440879d302d4fc6ee.swift@gentoo>

commit:     7c41301a215662b550962c3440879d302d4fc6ee
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Fri Nov 28 10:13:54 2014 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Fri Nov 28 10:43:29 2014 +0000
URL:        http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=7c41301a

Fix bug 529204 - Support a dhcpc_script_t domain

We introduce an executable domain (dhcpc_script_t) through which the
hooks can be executed for the DHCP clients. This domain is separate in
order to keep the privileges of the application small, but also because
this domain will execute commands that are not in the responsibility of
the DHCP client code itself (code-wise) but are provided by
administrators.

Security-wise, as these are scripts, it is more difficult to guarantee
correctness. As such, we want to isolate these privileges into their own
domain.

The domain will have basic privileges to support the majority of
installations, but we also include a sysnet_dhcpc_script_entry()
interface so that domain transitions can be easily added without the
need for augmenting the privileges of the dhcpc_script_t domain.

---
 policy/modules/kernel/corecommands.fc |  2 +-
 policy/modules/system/sysnetwork.fc   |  3 +++
 policy/modules/system/sysnetwork.te   | 49 +++++++++++++++++++++++++++++++++++
 3 files changed, 53 insertions(+), 1 deletion(-)

diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index 406a11e..40fd54b 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -143,7 +143,7 @@ ifdef(`distro_debian',`
 /lib/upstart(/.*)?			gen_context(system_u:object_r:bin_t,s0)
 
 ifdef(`distro_gentoo',`
-/lib/dhcpcd/dhcpcd-run-hooks	--	gen_context(system_u:object_r:bin_t,s0)
+#/lib/dhcpcd/dhcpcd-run-hooks	--	gen_context(system_u:object_r:bin_t,s0)
 
 /lib/rcscripts/addons(/.*)?		gen_context(system_u:object_r:bin_t,s0)
 /lib/rcscripts/sh(/.*)?			gen_context(system_u:object_r:bin_t,s0)
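
Review bot: the dhcpcd-run-hooks entry in the distro_gentoo block is commented out rather than deleted, which leaves a dead bin_t line with no explanation next to it. Delete the line outright, or keep it and add a comment saying the path is now labelled dhcpc_script_exec_t in policy/modules/system/sysnetwork.fc, so a later reader does not re-enable it and end up with two conflicting contexts for the same path.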

diff --git a/policy/modules/system/sysnetwork.fc b/policy/modules/system/sysnetwork.fc
index fbb935c..b1c6404 100644
--- a/policy/modules/system/sysnetwork.fc
+++ b/policy/modules/system/sysnetwork.fc
@@ -80,3 +80,6 @@ ifdef(`distro_debian',`
 /var/run/network(/.*)?	gen_context(system_u:object_r:net_conf_t,s0)
 ')
 
+ifdef(`distro_gentoo',`
+/lib/dhcpcd/dhcpcd-run-hooks	--	gen_context(system_u:object_r:dhcpc_script_exec_t,s0)
+')
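
Review bot: the new distro_gentoo block at the end of sysnetwork.fc has no comment, so nothing here records that /lib/dhcpcd/dhcpcd-run-hooks is the entry point for dhcpc_script_t or that the label replaces the former bin_t entry. A one-line comment above the entry would make that traceable. The entry is also limited to regular files (--) at this single path, so it is worth stating in the comment that only the run-hooks dispatcher is meant to carry dhcpc_script_exec_t.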

diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
index 3576536..7ee4bf7 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -422,4 +422,53 @@ ifdef(`distro_gentoo',`
 	optional_policy(`
 		resolvconf_client_domain(dhcpc_t)
 	')
+
+	#########################################
+	#
+	# dhcpc_script_t
+	#
+
+	# The purpose of the dhcpc_script_t domain is to handle the post-processing of 
+	# the dhcpcd ip renewal. dhcpcd (the tool) supports hooks for this, and I would
+	# assume others do as well. With the dhcpc_script_t domain we can isolate the
+	# privileges of the DHCP client itself from the hooks / flexibility that the developers
+	# introduced.
+
+	type dhcpc_script_t;
+	domain_type(dhcpc_script_t)
+	role dhcpc_roles types dhcpc_script_t;
+
+	type dhcpc_script_exec_t;
+	domain_entry_file(dhcpc_script_t, dhcpc_script_exec_t)
+
+	type dhcpc_script_var_run_t;
+	files_pid_file(dhcpc_script_var_run_t)
+
+	type dhcpc_script_tmp_t;
+	files_tmp_file(dhcpc_script_tmp_t)
+
+	########################################
+	#
+	# dhcpc script policy
+	#
+
+	allow dhcpc_script_t self:fifo_file rw_fifo_file_perms;
+
+	manage_files_pattern(dhcpc_script_t, dhcpc_script_tmp_t, dhcpc_script_tmp_t)
+	files_tmp_filetrans(dhcpc_script_t, dhcpc_script_tmp_t, { file dir })
+
+	manage_files_pattern(dhcpc_script_t, dhcpc_script_var_run_t, dhcpc_script_var_run_t)
+	filetrans_pattern(dhcpc_script_t, dhcpc_var_run_t, dhcpc_script_var_run_t, { file dir })
+
+	corecmd_exec_bin(dhcpc_script_t)
+	corecmd_exec_shell(dhcpc_script_t)
+
+	# Perhaps sysnet_domtrans_dhcpc_script could be used instead and positioned in the dhcpc_t section
+	domtrans_pattern(dhcpc_t, dhcpc_script_exec_t, dhcpc_script_t)
+
+	sysnet_manage_config(dhcpc_script_t)
+
+	optional_policy(`
+		ntp_manage_config(dhcpc_script_t)
+	')
 ')
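
Review bot: both type transitions in the dhcpc script policy section name { file dir } (files_tmp_filetrans and filetrans_pattern), but the only access granted on dhcpc_script_tmp_t and dhcpc_script_var_run_t in this hunk is manage_files_pattern, so nothing here lets dhcpc_script_t create a directory of either type. Either add the matching manage_dirs_pattern() lines or drop dir from the two transitions, whichever the hooks actually need. Two smaller points: the commit message describes a sysnet_dhcpc_script_entry() interface, yet the diffstat lists no sysnetwork.if change and the in-line comment above domtrans_pattern still asks whether sysnet_domtrans_dhcpc_script should be used, so the interface appears to be missing from this patch; and the header comment's "I would assume others do as well" would read better as a plain statement of what the domain confines.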

