hi all,
i write module for Network Audio System (NAS) in fedora rawhide.
firstly, i think there is not policy for nas, so i write from scratch, but after finishing, i found there is a soundserver module in policy, so i ported my nas policy into this module.
i am not familiar with nas, so i just make some tests for new soundserver policy, especially some tools in nas package, including:
audemo, audial, auinfo, aupanel, auplay......
IMHO, it seems to work well, and there was not any errors about nas in audit messages.
-(:16:13:$)-> rpm -q nas nas-1.9-2.fc7.i386 -(yangshao@Nerazzurri:pts/2)--------------------------------------(~/workBench/selinux/soundserver)-(5/5)- -(:16:13:$)-> ps axZ|grep nas system_u:system_r:soundd_t 2322 ? S 0:00 nasd -b -local system_u:system_r:unconfined_t 4329 pts/2 S+ 0:00 egrep --color -r --exclude=*.svn* nas -(yangshao@Nerazzurri:pts/2)--------------------------------------(~/workBench/selinux/soundserver)-(5/5)- -(:16:13:$)-> rpm -q selinux-policy-targeted selinux-policy-targeted-3.0.4-1.fc8.noarch
please review this patch.
Ken YANG wrote:
hi all,
i write module for Network Audio System (NAS) in fedora rawhide.
firstly, i think there is not policy for nas, so i write from scratch, but after finishing, i found there is a soundserver module in policy, so i ported my nas policy into this module.
i am not familiar with nas, so i just make some tests for new soundserver policy, especially some tools in nas package, including:
audemo, audial, auinfo, aupanel, auplay......
IMHO, it seems to work well, and there was not any errors about nas in audit messages.
First I removed soundd_etc_t and replaced it with etc_t. No reason to create a type for config files, unless you are writing to them, or they have data, that you are trying to prevent other confined domains from reading. Existing soundd policy has this so I am typealiasing in Rawhide.
nasd is creating sockets in /tmp. This is a bad idea. It should be moved to /var/run. This will not work with a polyinstatiated /tmp
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250453
domain_type(soundd_t) domain_entry_file(soundd_t,soundd_exec_t)
Are provided already by
init_daemon_domain(soundd_t,soundd_exec_t)
+manage_sock_files_pattern(soundd_t,soundd_tmp_t,soundd_tmp_t) Includes
+delete_sock_files_pattern(soundd_t,soundd_tmp_t,soundd_tmp_t)
You did not give the application the ability to create sound_tmp_t files, so this is not necessary. +delete_files_pattern(soundd_t,soundd_tmp_t,soundd_tmp_t)
I think you need manage_dirs_pattern(soundd_t,soundd_tmp_t,soundd_tmp_t)
Because the /tmp/.socket does not exist before hand And the only thing you are crearing is a dir so your file trans should look like the following. +files_tmp_filetrans(soundd_t, soundd_tmp_t, dir)
All these rules should change to var_run_t when nasd is fixed to use it.
Daniel J Walsh wrote:
Ken YANG wrote:
hi all,
i write module for Network Audio System (NAS) in fedora rawhide.
firstly, i think there is not policy for nas, so i write from scratch, but after finishing, i found there is a soundserver module in policy, so i ported my nas policy into this module.
i am not familiar with nas, so i just make some tests for new soundserver policy, especially some tools in nas package, including:
audemo, audial, auinfo, aupanel, auplay......
IMHO, it seems to work well, and there was not any errors about nas in audit messages.
First I removed soundd_etc_t and replaced it with etc_t. No reason to create a type for config files, unless you are writing to them, or they have data, that you are trying to prevent other confined domains from reading. Existing soundd policy has this so I am typealiasing in Rawhide.
I had changed policy based on your advice, but i can not find typealiase about etc_t in policy 3.0.4-5, maybe is still in your workbench, hadn't export.
nasd is creating sockets in /tmp. This is a bad idea. It should be moved to /var/run. This will not work with a polyinstatiated /tmp
i add myself to cc-list, so if there are some changes i will modify the policy.
domain_type(soundd_t) domain_entry_file(soundd_t,soundd_exec_t)
Are provided already by
init_daemon_domain(soundd_t,soundd_exec_t)
+manage_sock_files_pattern(soundd_t,soundd_tmp_t,soundd_tmp_t) Includes
+delete_sock_files_pattern(soundd_t,soundd_tmp_t,soundd_tmp_t)
sorry for my ignorance.
You did not give the application the ability to create sound_tmp_t files, so this is not necessary. +delete_files_pattern(soundd_t,soundd_tmp_t,soundd_tmp_t)
I think you need manage_dirs_pattern(soundd_t,soundd_tmp_t,soundd_tmp_t)
Because the /tmp/.socket does not exist before hand And the only thing you are crearing is a dir so your file trans should look like the following. +files_tmp_filetrans(soundd_t, soundd_tmp_t, dir)
All these rules should change to var_run_t when nasd is fixed to use it.
the attach file is the newest patch based on selinux-policy-3.0.4-5, please review it.
sorry for modify late, i just finished a business trip for over 10 days.
i have modified soundserver policy module based on frank bugfix:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250453
the patch is based on selinux-policy-targeted-3.0.5-7.fc8.noarch
selinux@lists.fedoraproject.org
-
Daniel J Walsh -
NZzi