From: "Sven Vermeulen" <swift@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/hardened-refpolicy:secmodel commit in: policy/modules/contrib/
Date: Sun, 8 Feb 2015 16:38:12 +0000 (UTC)
Message-ID: <1423413389.24a0c6c649801b12ee1ca90dfb962e0fd61d4344.swift@gentoo>
commit: 24a0c6c649801b12ee1ca90dfb962e0fd61d4344
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sun Feb 1 19:55:45 2015 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Sun Feb 8 16:36:29 2015 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=24a0c6c6

Add interfaces for Gentoo's security model

On https://wiki.gentoo.org/wiki/Project:SELinux/Development_policy the
basic security model that we want to support is documented.

To make support for this security model more applicable, we provide the
necessary interfaces for domains to (optionally or not) call.

See also http://thread.gmane.org/gmane.linux.gentoo.hardened/6292
---
policy/modules/contrib/gentoo.if | 797 +++++++++++++++++++++++++++++++++++++++
1 file changed, 797 insertions(+)
diff --git a/policy/modules/contrib/gentoo.if b/policy/modules/contrib/gentoo.if
new file mode 100644
index 0000000..593bb2d
--- /dev/null
+++ b/policy/modules/contrib/gentoo.if
@@ -0,0 +1,797 @@
+## <summary>Gentoo specific interfaces for improving SELinux management</summary>
+
+#########################################
+## <summary>
+## Monitor the system
+## </summary>
+## <desc>
+## <p>
+## The system monitor privilege set allows for a system domain to read various
+## file types, system state (like sysctl values), process states, etc. It is
+## a read-only set of privileges.
+## </p>
+## </desc>
+## <param name="domain">
+## <summary>
+## Domain allowed access
+## </summary>
+## </param>
+## <param name="role">
+## <summary>
+## Role allowed access
+## </summary>
+## </param>
+#
+interface(`gentoo_secmodel_monitor_system',`
+
+')
+
+#########################################
+## <summary>
+## Administer services
+## </summary>
+## <desc>
+## <p>
+## The service administrator privilege set allows for a system domain to manage
+## the state of services as well as perform administrative commands against
+## those services (in other words, grant the _admin() interfaces of various
+## services).
+## </p>
+## </desc>
+## <param name="domain">
+## <summary>
+## Domain allowed access
+## </summary>
+## </param>
+## <param name="role">
+## <summary>
+## Role allowed access
+## </summary>
+## </param>
+#
+interface(`gentoo_secmodel_manage_services',`
+ # These are all admin interfaces where a labeled init script is provided for
+ optional_policy(`
+ abrt_admin($1, $2)
+ ')
+
+ optional_policy(`
+ acct_admin($1, $2)
+ ')
+
+ optional_policy(`
+ afs_admin($1, $2)
+ ')
+
+ optional_policy(`
+ aiccu_admin($1, $2)
+ ')
+
+ optional_policy(`
+ aisexecd_admin($1, $2)
+ ')
+
+ optional_policy(`
+ amavis_admin($1, $2)
+ ')
+
+ optional_policy(`
+ amtu_admin($1, $2)
+ ')
+
+ optional_policy(`
+ apache_admin($1, $2)
+ ')
+
+ optional_policy(`
+ apcupsd_admin($1, $2)
+ ')
+
+ optional_policy(`
+ apm_admin($1, $2)
+ ')
+
+ optional_policy(`
+ arpwatch_admin($1, $2)
+ ')
+
+ optional_policy(`
+ asterisk_admin($1, $2)
+ ')
+
+ optional_policy(`
+ automount_admin($1, $2)
+ ')
+
+ optional_policy(`
+ avahi_admin($1, $2)
+ ')
+
+ optional_policy(`
+ bacula_admin($1, $2)
+ ')
+
+ optional_policy(`
+ bcfg2_admin($1, $2)
+ ')
+
+ optional_policy(`
+ bind_admin($1, $2)
+ ')
+
+ optional_policy(`
+ bird_admin($1, $2)
+ ')
+
+ optional_policy(`
+ bitcoin_admin($1, $2)
+ ')
+
+ optional_policy(`
+ bitlbee_admin($1, $2)
+ ')
+
+ optional_policy(`
+ bluetooth_admin($1, $2)
+ ')
+
+ optional_policy(`
+ boinc_admin($1, $2)
+ ')
+
+ optional_policy(`
+ cachefilesd_admin($1, $2)
+ ')
+
+ optional_policy(`
+ callweaver_admin($1, $2)
+ ')
+
+ optional_policy(`
+ canna_admin($1, $2)
+ ')
+
+ optional_policy(`
+ ccs_admin($1, $2)
+ ')
+
+ optional_policy(`
+ certmaster_admin($1, $2)
+ ')
+
+ optional_policy(`
+ certmonger_admin($1, $2)
+ ')
+
+ optional_policy(`
+ cfengine_admin($1, $2)
+ ')
+
+ optional_policy(`
+ cgroup_admin($1, $2)
+ ')
+
+ optional_policy(`
+ chronyd_admin($1, $2)
+ ')
+
+ optional_policy(`
+ cipe_admin($1, $2)
+ ')
+
+ optional_policy(`
+ clamav_admin($1, $2)
+ ')
+
+ optional_policy(`
+ cmirrord_admin($1, $2)
+ ')
+
+ optional_policy(`
+ cobbler_admin($1, $2)
+ ')
+
+ optional_policy(`
+ collectd_admin($1, $2)
+ ')
+
+ optional_policy(`
+ condor_admin($1, $2)
+ ')
+
+ optional_policy(`
+ corosync_admin($1, $2)
+ ')
+
+ optional_policy(`
+ couchdb_admin($1, $2)
+ ')
+
+ optional_policy(`
+ # No admin interface
+ cron_initrc_domtrans($1)
+ ')
+
+ optional_policy(`
+ ctdb_admin($1, $2)
+ ')
+
+ optional_policy(`
+ cups_admin($1, $2)
+ ')
+
+ optional_policy(`
+ cvs_admin($1, $2)
+ ')
+
+ optional_policy(`
+ cyphesis_admin($1, $2)
+ ')
+
+ optional_policy(`
+ cyrus_admin($1, $2)
+ ')
+
+ optional_policy(`
+ dante_admin($1, $2)
+ ')
+
+ optional_policy(`
+ ddclient_admin($1, $2)
+ ')
+
+ optional_policy(`
+ denyhosts_admin($1, $2)
+ ')
+
+ optional_policy(`
+ dhcpd_admin($1, $2)
+ ')
+
+ optional_policy(`
+ dictd_admin($1, $2)
+ ')
+
+ optional_policy(`
+ dirmngr_admin($1, $2)
+ ')
+
+ optional_policy(`
+ distcc_admin($1, $2)
+ ')
+
+ optional_policy(`
+ dkim_admin($1, $2)
+ ')
+
+ optional_policy(`
+ dnsmasq_admin($1, $2)
+ ')
+
+ optional_policy(`
+ dnssectrigger_admin($1, $2)
+ ')
+
+ optional_policy(`
+ dovecot_admin($1, $2)
+ ')
+
+ optional_policy(`
+ drbd_admin($1, $2)
+ ')
+
+ optional_policy(`
+ dspam_admin($1, $2)
+ ')
+
+ optional_policy(`
+ entropyd_admin($1, $2)
+ ')
+
+ optional_policy(`
+ exim_admin($1, $2)
+ ')
+
+ optional_policy(`
+ fail2ban_admin($1, $2)
+ ')
+
+ optional_policy(`
+ fcoe_admin($1, $2)
+ ')
+
+ optional_policy(`
+ fetchmail_admin($1, $2)
+ ')
+
+ optional_policy(`
+ firewalld_admin($1, $2)
+ ')
+
+ optional_policy(`
+ ftp_admin($1, $2)
+ ')
+
+ optional_policy(`
+ gatekeeper_admin($1, $2)
+ ')
+
+ optional_policy(`
+ gdomap_admin($1, $2)
+ ')
+
+ optional_policy(`
+ glance_admin($1, $2)
+ ')
+
+ optional_policy(`
+ glusterfs_admin($1, $2)
+ ')
+
+ optional_policy(`
+ gpm_admin($1, $2)
+ ')
+
+ optional_policy(`
+ gpsd_admin($1, $2)
+ ')
+
+ optional_policy(`
+ hadoop_admin($1, $2)
+ ')
+
+ optional_policy(`
+ hddtemp_admin($1, $2)
+ ')
+
+ optional_policy(`
+ howl_admin($1, $2)
+ ')
+
+ optional_policy(`
+ hypervkvp_admin($1, $2)
+ ')
+
+ optional_policy(`
+ i18n_input_admin($1, $2)
+ ')
+
+ optional_policy(`
+ icecast_admin($1, $2)
+ ')
+
+ optional_policy(`
+ ifplugd_admin($1, $2)
+ ')
+
+ optional_policy(`
+ inn_admin($1, $2)
+ ')
+
+ optional_policy(`
+ iodine_admin($1, $2)
+ ')
+
+ optional_policy(`
+ ircd_admin($1, $2)
+ ')
+
+ optional_policy(`
+ irqbalance_admin($1, $2)
+ ')
+
+ optional_policy(`
+ iscsi_admin($1, $2)
+ ')
+
+ optional_policy(`
+ isnsd_admin($1, $2)
+ ')
+
+ optional_policy(`
+ jabber_admin($1, $2)
+ ')
+
+ optional_policy(`
+ kdump_admin($1, $2)
+ ')
+
+ optional_policy(`
+ kerberos_admin($1, $2)
+ ')
+
+ optional_policy(`
+ kerneloops_admin($1, $2)
+ ')
+
+ optional_policy(`
+ keystone_admin($1, $2)
+ ')
+
+ optional_policy(`
+ kismet_admin($1, $2)
+ ')
+
+ optional_policy(`
+ ksmtuned_admin($1, $2)
+ ')
+
+ optional_policy(`
+ kudzu_admin($1, $2)
+ ')
+
+ optional_policy(`
+ l2tp_admin($1, $2)
+ ')
+
+ optional_policy(`
+ ldap_admin($1, $2)
+ ')
+
+ optional_policy(`
+ likewise_admin($1, $2)
+ ')
+
+ optional_policy(`
+ lircd_admin($1, $2)
+ ')
+
+ optional_policy(`
+ lldpad_admin($1, $2)
+ ')
+
+ optional_policy(`
+ mscan_admin($1, $2)
+ ')
+
+ optional_policy(`
+ mcelog_admin($1, $2)
+ ')
+
+ optional_policy(`
+ memcached_admin($1, $2)
+ ')
+
+ optional_policy(`
+ minidlna_admin($1, $2)
+ ')
+
+ optional_policy(`
+ minissdpd_admin($1, $2)
+ ')
+
+ optional_policy(`
+ mongodb_admin($1, $2)
+ ')
+
+ optional_policy(`
+ monop_admin($1, $2)
+ ')
+
+ optional_policy(`
+ mpd_admin($1, $2)
+ ')
+
+ optional_policy(`
+ mrtg_admin($1, $2)
+ ')
+
+ optional_policy(`
+ munin_admin($1, $2)
+ ')
+
+ optional_policy(`
+ mysql_admin($1, $2)
+ ')
+
+ optional_policy(`
+ nagios_admin($1, $2)
+ ')
+
+ optional_policy(`
+ nessus_admin($1, $2)
+ ')
+
+ optional_policy(`
+ networkmanager_admin($1, $2)
+ ')
+
+ optional_policy(`
+ nis_admin($1, $2)
+ ')
+
+ optional_policy(`
+ nscd_admin($1, $2)
+ ')
+
+ optional_policy(`
+ nsd_admin($1, $2)
+ ')
+
+ optional_policy(`
+ nslcd_admin($1, $2)
+ ')
+
+ optional_policy(`
+ ntop_admin($1, $2)
+ ')
+
+ optional_policy(`
+ ntp_admin($1, $2)
+ ')
+
+ optional_policy(`
+ numad_admin($1, $2)
+ ')
+
+ optional_policy(`
+ nut_admin($1, $2)
+ ')
+
+ optional_policy(`
+ oident_admin($1, $2)
+ ')
+
+ optional_policy(`
+ openct_admin($1, $2)
+ ')
+
+ optional_policy(`
+ openhpi_admin($1, $2)
+ ')
+
+ optional_policy(`
+ openvpn_admin($1, $2)
+ ')
+
+ optional_policy(`
+ openvswitch_admin($1, $2)
+ ')
+
+ optional_policy(`
+ pacemaker_admin($1, $2)
+ ')
+
+ optional_policy(`
+ pcscd_admin($1, $2)
+ ')
+
+ optional_policy(`
+ pegasus_admin($1, $2)
+ ')
+
+ optional_policy(`
+ perdition_admin($1, $2)
+ ')
+
+ optional_policy(`
+ pingd_admin($1, $2)
+ ')
+
+ optional_policy(`
+ pkcs_admin_slotd($1, $2)
+ ')
+
+ optional_policy(`
+ polipo_admin($1, $2)
+ ')
+
+ optional_policy(`
+ portmap_admin($1, $2)
+ ')
+
+ optional_policy(`
+ portreserve_admin($1, $2)
+ ')
+
+ optional_policy(`
+ postfix_admin($1, $2)
+ ')
+
+ optional_policy(`
+ postfixpolicyd_admin($1, $2)
+ ')
+
+ optional_policy(`
+ postgrey_admin($1, $2)
+ ')
+
+ optional_policy(`
+ ppp_admin($1, $2)
+ ')
+
+ optional_policy(`
+ prelude_admin($1, $2)
+ ')
+
+ optional_policy(`
+ privoxy_admin($1, $2)
+ ')
+
+ optional_policy(`
+ psad_admin($1, $2)
+ ')
+
+ optional_policy(`
+ puppet_admin($1, $2)
+ ')
+
+ optional_policy(`
+ pxe_admin($1, $2)
+ ')
+
+ optional_policy(`
+ pyicqt_admin($1, $2)
+ ')
+
+ optional_policy(`
+ pyzor_admin($1, $2)
+ ')
+
+ optional_policy(`
+ qpidd_admin($1, $2)
+ ')
+
+ optional_policy(`
+ quantum_admin($1, $2)
+ ')
+
+ optional_policy(`
+ quota_admin($1, $2)
+ ')
+
+ optional_policy(`
+ rabbitmq_admin($1, $2)
+ ')
+
+ optional_policy(`
+ radius_admin($1, $2)
+ ')
+
+ optional_policy(`
+ radvd_admin($1, $2)
+ ')
+
+ optional_policy(`
+ raid_admin_mdadm($1, $2)
+ ')
+
+ optional_policy(`
+ redis_admin($1, $2)
+ ')
+
+ optional_policy(`
+ resmgr_admin($1, $2)
+ ')
+
+ optional_policy(`
+ rgmanager_admin($1, $2)
+ ')
+
+ optional_policy(`
+ rhcs_admin($1, $2)
+ ')
+
+ optional_policy(`
+ rhsmcertd_admin($1, $2)
+ ')
+
+ optional_policy(`
+ ricci_admin($1, $2)
+ ')
+
+ optional_policy(`
+ rngd_admin($1, $2)
+ ')
+
+ optional_policy(`
+ roundup_admin($1, $2)
+ ')
+
+ optional_policy(`
+ rpcbind_admin($1, $2)
+ ')
+
+ optional_policy(`
+ rpm_admin($1, $2)
+ ')
+
+ optional_policy(`
+ rtkit_admin($1, $2)
+ ')
+
+ optional_policy(`
+ rwho_admin($1, $2)
+ ')
+
+ optional_policy(`
+ salt_admin_master($1, $2)
+ ')
+
+ optional_policy(`
+ salt_minion_master($1, $2)
+ ')
+')
+
+#########################################
+## <summary>
+## Administer software
+## </summary>
+## <desc>
+## <p>
+## The software administrator privilege set allows for a system domain to manage
+## various file types (but not, or only in a very controlled manner, security
+## sensitive files).
+## </p>
+## <p>
+## The software administrator can transition to package management tools and
+## invoke administrative commands needed to finalize software installation.
+## </p>
+## </desc>
+## <param name="domain">
+## <summary>
+## Domain allowed access
+## </summary>
+## </param>
+## <param name="role">
+## <summary>
+## Role allowed access
+## </summary>
+## </param>
+#
+interface(`gentoo_secmodel_manage_software',`
+ optional_policy(`
+ bootloader_run($1, $2)
+ ')
+')
+
+#########################################
+## <summary>
+## Administer system state
+## </summary>
+## <desc>
+## <p>
+## The system state administrator privilege set allows for system state
+## handling, including sysctl values, network configuration settings, etc.
+## </p>
+## </desc>
+## <param name="domain">
+## <summary>
+## Domain allowed access
+## </summary>
+## </param>
+## <param name="role">
+## <summary>
+## Role allowed access
+## </summary>
+## </param>
+#
+interface(`gentoo_secmodel_manage_system_state',`
+
+')
+
+#########################################
+## <summary>
+## Administer system security
+## </summary>
+## <desc>
+## <p>
+## The security administrator privilege set allows for security-sensitive types
+## to be managed, including SELinux policy.
+## </p>
+## </desc>
+## <param name="domain">
+## <summary>
+## Domain allowed access
+## </summary>
+## </param>
+## <param name="role">
+## <summary>
+## Role allowed access
+## </summary>
+## </param>
+#
+interface(`gentoo_secmodel_manage_system_security',`
+
+')
+
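Review bot: The final optional_policy block of gentoo_secmodel_manage_services calls salt_minion_master($1, $2), which breaks the _admin naming used by every other call and directly follows salt_admin_master($1, $2); it reads like a slip for the minion admin interface, so check the name against the salt module's interface file and correct it. In the same interface, mscan_admin($1, $2) sits out of alphabetical order between lldpad_admin and mcelog_admin, which suggests that name deserves the same check, and the opening comment "These are all admin interfaces where a labeled init script is provided for" ends mid-sentence. gentoo_secmodel_monitor_system, gentoo_secmodel_manage_system_state and gentoo_secmodel_manage_system_security have empty bodies although their <desc> text describes privileges being granted; a comment marking them as placeholders would keep callers from assuming they already confer access. Also consider whether rpm_admin($1, $2) belongs in gentoo_secmodel_manage_software instead, since that interface's description is the one covering package management tools and keeping it here blurs the separation between the service and software privilege sets.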