From: Sven Vermeulen
Date: Wed, 19 Jan 2011 20:39:37 +0100
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] SELinux policy rules principles?
Message-ID: <20110119193936.GA7787@siphos.be>
In-Reply-To: <4D3325A7.5080101@giz-works.com>

On Sun, Jan 16, 2011 at 11:06:47AM -0600, Chris Richards wrote:
> My general feeling is that the system should operate FROM THE USER
> PERSPECTIVE the way it always does, i.e. the existence of SELinux should
> be relatively transparent to the user and/or administrator, at least to
> the extent that is practical. There may be some things that you simply
> can't avoid changing, but they should generally be few and far between.

So you want the application to function properly and that the logs have no
"cosmetic" AVC denials (fine - fully agree here).

One thing that I can't gather from this is
- do you want to dontaudit the AVC denials which apparently have no impact on
  functionality, or
- do you want to allow the AVC denials even though they have no impact on
  functionality

I personally don't mind having Gentoo Hardened pick the latter (we use SELinux
to confine applications in the manner that no denial should ever be triggered
as long as the application doesn't go beyond what it is programmed to do). Even
though it might not be within the principle of "least privilege" (only allow
what it needs), at least it gives the SELinux policy developer a clearer scope
of his tasks.

The problem with the first approach is that other users have a higher
likelihood of having a malfunctioning system than with the last (what the
developer sees as cosmetic might be important on other systems).

Wkr,
  Sven Vermeulen
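
Added example, not part of the original message or of the Gentoo Hardened policy: a small parser that turns AVC denials into the two candidate rule forms discussed above, so the same denial can be read either as a `dontaudit` rule (still blocked, no longer logged) or as an `allow` rule (granted). The log lines and the `foo_t` domain are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample denials (not taken from the thread): a hypothetical
# domain foo_t touching an inherited terminal and searching /home.
SAMPLE_LOG = """\
type=AVC msg=audit(1295466006.120:42): avc:  denied  { read } for  pid=2101 comm="foo" path="/dev/pts/0" dev=devpts ino=3 scontext=system_u:system_r:foo_t tcontext=staff_u:object_r:user_devpts_t tclass=chr_file
type=AVC msg=audit(1295466006.121:43): avc:  denied  { write } for  pid=2101 comm="foo" path="/dev/pts/0" dev=devpts ino=3 scontext=system_u:system_r:foo_t tcontext=staff_u:object_r:user_devpts_t tclass=chr_file
type=AVC msg=audit(1295466007.500:44): avc:  denied  { search } for  pid=2101 comm="foo" name="home" dev=sda3 ino=12 scontext=system_u:system_r:foo_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
type=SYSCALL msg=audit(1295466007.500:44): arch=c000003e syscall=2 success=no
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)"
)

def type_of(context):
    """Return the type field of user:role:type[:level]."""
    return context.split(":")[2]

def collect(log):
    """Map (source type, target type, class) -> set of denied permissions."""
    denials = defaultdict(set)
    for line in log.splitlines():
        m = AVC_RE.search(line)
        if m:  # non-AVC records (e.g. SYSCALL) are skipped
            key = (type_of(m["s"]), type_of(m["t"]), m["cls"])
            denials[key].update(m["perms"].split())
    return denials

def rules(log, keyword):
    """Render each denial group as an 'allow' or a 'dontaudit' rule."""
    if keyword not in ("allow", "dontaudit"):
        raise ValueError(keyword)
    return [
        f"{keyword} {s} {t}:{cls} {{ {' '.join(sorted(perms))} }};"
        for (s, t, cls), perms in sorted(collect(log).items())
    ]

if __name__ == "__main__":
    for kw in ("dontaudit", "allow"):
        print("\n".join(rules(SAMPLE_LOG, kw)), end="\n\n")
```

The two outputs differ only in the keyword, which is the choice the message asks about: whether a denial judged cosmetic is silenced or granted.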