Linas Vepstas linas-at-austin.ibm.com
It's not obvious (to me) that there isn't a path
through those rules that allows privilege escalation.
Unfortunately, there are a lot
of rules: last time I looked at one of the config files, it was
thousands of lines long. Thus, a short, simple audit performed by
one person seems out of the question.
Has anyone been working on a graphical representation to the rules and
current labeling for visualizing a rulebase/system/runtime
configuration? It seems to me that for Fedora/SELinux to go mainstream
some form of a visual auditing tool would be required. Being able to
take some entity such as a file system or running process and visually
display the access permissions in the context of privileges granted
to a user or process would go a long way towards SE's mainstream
adoption. If such a tool were to also help the admin rewrite the rules
based on changes to entities while walking down the directory tree it
would put SELinux in a much better position for the average admin. Of
course such a tool would require careful thought in the design due to the
desired separation of duties (e.g. auditing vs. administration privs)
and the rule definition vs. application thereof vs. the runtime
contexts for a given user/process.
I have to admit that I have been merely lurking here for a while and
have not yet installed SELinux on anything as of yet. My “lurking”
rather than “doing” is due mostly to my time limitations, and the
thought of making my system unusable for my real work because I would
have no way to understand all the rules in such short order. If I could
see the effects of making a given change (e.g. color coding, symbolic
representation) to the system before actually applying that change
(relabeling) then I would be much less hesitant to convert everything
over to FC2/3 with SELinux as my primary reason for migrating. From
what I can see so far SELinux is great stuff, and I praise everyone
working on it for such dedicated work! Thanks to all.