On Wed, 2004-11-24 at 21:28, Colin Walters wrote:
On Wed, 2004-11-24 at 15:47 -0800, Karsten Wade wrote:
> My question about the targeted policy presumes that init re-execs itself
> after loading the policy, whereby it picks up the unconfined_t domain
> from the policy, as defined by a rule in
> /etc/selinux/targeted/src/policy/domains/unconfined.te.
>
> role system_r types unconfined_t;
This just authorizes a role for a type, it doesn't define anything
related to init.
I was looking for a blanket (default) rule that covered everything not
covered by policy in domains/program/*.te.
> What rule tells init to re-exec itself in the targeted policy?
Nothing in the policy tells init to re-exec itself; the code just does
it.
I got started down this pathway from this paragraph in Russell's
article:
from
http://www.redhat.com/magazine/001nov04/features/selinux/
"After the policy is loaded every running process (only init and kernel
threads as the policy is loaded early in the boot) will be assigned the
security context system_u:system_r:kernel_t (NB all kernel threads
started at any time will get that context). Once init has loaded the
policy it will re-exec itself. The policy contains the rule
domain_auto_trans(kernel_t, init_exec_t, init_t). This means that when
the kernel_t domain executes a file of type init_exec_t (for example,
/sbin/init) then the domain will automatically transition to init_t (the
correct domain for /sbin/init). After that init does its usual job and
the system boots. The kernel threads continue running as kernel_t."
This doesn't describe the targeted policy, I get that. I found the
domain_auto_trans in kernel.te and found kernel.te in
domains/misc/unused in the targeted sources, so I drew the conclusion
that the behavior of init is as Russell says but the way it gets its
context is different.
Do you mean, how does init get the unconfined_t type? See:
[snip ref. to initial_sid_contexts]
This was a part of my question
> In the strict policy there is an explicit transition rule for init. The
> file programs/misc/kernel.te has this rule:
>
> domain_auto_trans(kernel_t, init_exec_t, init_t)
>
> In the targeted policy, kernel.te is in domains/misc/unused, so is not
> called into play. Correct?
Well, kernel_t is actually an alias for init_t in targeted policy,
according to apol.
From domains/unconfined.te:
typealias unconfined_t alias { kernel_t init_t initrc_t sysadm_t rpm_t
rpm_script_t logrotate_t };
Obviously I need to commit a little more time with apol. :)
The kernel starts out as unconfined_t, in my reading
of initial_sid_contexts:
sid kernel user_u:system_r:unconfined_t
Thus there is no transition at all in targeted policy.
init is started with the unconfined_t context? Was this behavior that
changed between FC2 and FC3, or am I missing something fundamental here?
thx - Karsten
--
Karsten Wade, RHCE, Tech Writer
a lemon is just a melon in disguise
http://people.redhat.com/kwade/
gpg fingerprint: 2680 DBFD D968 3141 0115 5F1B D992 0E06 AD0E 0C41
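Added example, not part of the original thread or of the policy sources: a small Python check that parses the `typealias` and `initial_sid_contexts` statements quoted above and shows that, once aliases are resolved, `kernel_t` and `init_t` are the same type as the kernel's initial SID, so a kernel_t to init_t transition changes nothing. The function names are hypothetical, and the empty alias map standing in for a strict-style policy is an assumption.

```python
import re

# Constructed sample: the two policy statements quoted in the thread.
UNCONFINED_TE = """
typealias unconfined_t alias { kernel_t init_t initrc_t sysadm_t rpm_t
rpm_script_t logrotate_t };
"""
INITIAL_SID_CONTEXTS = "sid kernel user_u:system_r:unconfined_t\n"

TYPEALIAS_RE = re.compile(r"typealias\s+(\w+)\s+alias\s+(?:\{([^}]*)\}|(\w+))\s*;")
SID_RE = re.compile(r"^\s*sid\s+(\w+)\s+(\S+)", re.M)

def parse_aliases(te_source):
    """Map every alias name to the primary type it stands for."""
    aliases = {}
    for m in TYPEALIAS_RE.finditer(te_source):
        for name in (m.group(2) or m.group(3) or "").split():
            aliases[name] = m.group(1)
    return aliases

def resolve(type_name, aliases):
    """Follow alias links to the primary type (stops on a cycle)."""
    seen = set()
    while type_name in aliases and type_name not in seen:
        seen.add(type_name)
        type_name = aliases[type_name]
    return type_name

def initial_sid_type(sid_source, sid_name, aliases):
    """Resolved type field (user:role:type) of an initial SID context."""
    for m in SID_RE.finditer(sid_source):
        if m.group(1) == sid_name:
            return resolve(m.group(2).split(":")[2], aliases)
    raise KeyError(sid_name)

def transition_changes_domain(source, target, aliases):
    """True if moving from source to target changes the type after alias resolution."""
    return resolve(source, aliases) != resolve(target, aliases)

if __name__ == "__main__":
    targeted = parse_aliases(UNCONFINED_TE)
    print("kernel SID type:", initial_sid_type(INITIAL_SID_CONTEXTS, "kernel", targeted))
    print("init_t resolves to:", resolve("init_t", targeted))
    print("targeted kernel_t -> init_t changes domain:",
          transition_changes_domain("kernel_t", "init_t", targeted))
    # Assumption: a strict-style policy where kernel_t and init_t are not aliased.
    print("no aliases, kernel_t -> init_t changes domain:",
          transition_changes_domain("kernel_t", "init_t", {}))
```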