On Tue, 2010-05-11 at 11:10 -0500, Xavier Toth wrote:
I'm a bit confused about something. mcstransd creates a socket
and
through a transition rule it get labeled setrans_var_run_t (this is
also the type used with mls_trusted_object in the setrans policy)
however when other apps try and connect to it the target context type
is setrans_t which of course isn't trusted so no one can connect. As
an experiment I added setrans_t as a mls trusted object and then other
apps could connect. Not sure where the target context comes from on
connectto because the socket file is label setrans_var_run_t on the
disk. Something needs fixing just not sure what. Doesn't seem right to
add 'mls_trusted_object(setrans_t)'.
When you create and bind a Unix domain socket in the file system
namespace (as opposed to the abstract namespace), there are two objects:
the socket itself (created upon the socket call, labeled with the label
of the creating process), and the file (created upon the bind call,
labeled in accordance with the usual file labeling behavior).
Connecting to such a socket requires both write access to the file and
connectto permission to the socket. So connectto is a socket-to-socket
(which looks like process-to-process since sockets are labeled based on
creating process and act as proxies/queues between processes) check.
--
Stephen Smalley
National Security Agency