On Wed, 2004-09-01 at 02:37, Russell Coker wrote:
> One thing to remember is that any time you see user_t in policy it's a local
> customisation or a bug.
>
> In this case it seems to me that one correct way of writing policy for this is
> the following:
>
> allow { dbus_client_domain userdomain } etc_dbusd_t:dir { search };
> allow { dbus_client_domain userdomain } etc_dbusd_t:file { getattr read };
> allow { dbus_client_domain userdomain } user_t:netlink_selinux_socket { bind create };
>
> But then we are granting almost every domain that has any significance in the
> security of the system read access. So why not just label the files as etc_t
> and remove the etc_dbusd_t type entirely?

These permissions shouldn't be granted directly to the user domains. We
need per-userdomain dbusd domains defined via a macro for the
per-session message bus.
--
Stephen Smalley <sds(a)epoch.ncsc.mil>
National Security Agency