On Thu, 2005-04-14 at 16:33 -0400, Steve Brueckner wrote:
> I need to lock down the local interprocess communications (sockets, pipes,
> shared memory...) for a few untrusted applications under the targeted
> policy. For example, I want to write policies for Mozilla and Eclipse such
> that Eclipse may connect to Mozilla's tcp socket 80 via loopback, but
> Eclipse may not connect to any other process's tcp socket 80 via loopback.
> Same thing goes for other methods of IPC.
You mean apache rather than mozilla, right?
> I suspect this means I have to figure out how to label sockets and the like
> with special contexts as they are created. Am I on the right track here?
> If so, how would I adjust my policies to label these IPC resources on a
> per-process basis? Or is this not do-able with SELinux?
You can control network communication (loopback or otherwise) via the
permission checks between the sending socket security context and the
security contexts of the network interface, the destination host, and
the destination port. These are the netif and node tcp_send permissions
and the tcp_socket send_msg permission. Sockets are labeled in
accordance with the creating process, so you just need to define a
domain for eclipse.
> What I'm proposing here is a little more involved than most of the SELinux
> documentation I've found online, so any good resources would be appreciated.
> Of course, the more that is spelled out for me in a direct reply the bigger
> my head start will be. At this point I don't even know where to begin.
Possible resources:
- The RHEL4 SELinux Guide,
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide/
- Understanding and Customizing the Apache HTTP SELinux Policy,
http://fedora.redhat.com/docs/selinux-apache-fc3/
- Sourceforge SELinux HOWTOs,
http://sourceforge.net/docman/?group_id=21266
- SELinux: NSA's Open Source Security Enhanced Linux by Bill McCarty,
http://www.oreilly.com/catalog/selinux/
- Tresys Technology Policy Writing Course Slides,
http://www.tresys.com/selinux/selinux-course-outline.html
- Configuring the SELinux Policy,
http://www.nsa.gov/selinux/papers/policy2-abs.cfm
--
Stephen Smalley <sds(a)tycho.nsa.gov>
National Security Agency
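
The three checks named in the reply above (netif `tcp_send`, node `tcp_send`, `tcp_socket` `send_msg`), modelled as an added example that is not part of the original thread or of any SELinux tooling. The domain `eclipse_t`, the object type names and the policy fragment are constructed assumptions, and the model handles only plain `allow` rules (no attributes or macros).

```python
import re

# Constructed policy fragment in the TE rule syntax; eclipse_t and the
# object type names below are assumptions made for this illustration.
POLICY = """
allow eclipse_t netif_lo_t:netif { tcp_send tcp_recv };
allow eclipse_t node_lo_t:node { tcp_send tcp_recv };
allow eclipse_t http_port_t:tcp_socket { send_msg recv_msg };
"""

RULE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+\{([^}]*)\}\s*;")


def load_rules(text):
    """Return {(source_type, target_type, class): set(perms)} from allow rules."""
    rules = {}
    for src, tgt, cls, perms in RULE.findall(text):
        rules.setdefault((src, tgt, cls), set()).update(perms.split())
    return rules


def tcp_send_checks(rules, sock_type, netif_type, node_type, port_type):
    """Evaluate the three checks for one outbound TCP send.

    sock_type is the type of the sending socket, which carries the label
    of the process that created it. Anything without an allow rule is denied.
    """
    wanted = [
        (netif_type, "netif", "tcp_send"),
        (node_type, "node", "tcp_send"),
        (port_type, "tcp_socket", "send_msg"),
    ]
    return [(tgt, cls, perm, perm in rules.get((sock_type, tgt, cls), set()))
            for tgt, cls, perm in wanted]


def denied(results):
    """List the failed checks as 'type:class perm' strings."""
    return [f"{t}:{c} {p}" for t, c, p, ok in results if not ok]


RULES = load_rules(POLICY)

if __name__ == "__main__":
    for port in ("http_port_t", "smtp_port_t"):
        res = tcp_send_checks(RULES, "eclipse_t", "netif_lo_t", "node_lo_t", port)
        print(port, "->", "allowed" if not denied(res) else denied(res))
```
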