Helper program for a daemon

Jan-Frode Myklebust janfrode at tanso.net
Wed Apr 25 22:37:41 UTC 2007


On 2007-04-24, Al Pacifico <adpacifico at users.sourceforge.net> wrote:
>> That depends on your security goals.  If you want the slimserver-scanner
>> to have the same privs as slimserver you would label it sbin_t and allow
>> slimserver to corecmd_exec_sbin().  If you want to go with least privs,
>> you would create a new policy for slimserver-scanner
>> (slimserver_scanner_t with file context of slimserver_scanner_exec_t)
>> and then add a rule to slimserver_t to domtrans
>> slimserver_scanner_domtrans(slimserver_t)
>
>
> I'm a little confused about this. I want to limit privileges of slimserver
> and slimserver-scanner to accessing only certain files. If I label
> slimserver-scanner as 'sbin_t', when a user executes slimserver-scanner,
> won't he/she have more privileges than slimserver then?

Yes.

If you want slimserver-scanner to have fewer privileges when executed 
interactively by a user, you'll need to create a new domain for it (i.e. 
not sbin_t), and transition into this domain when the user execs it.
But, why would you want that? All it's doing is reading the mp3-files,
and updating a database. If you limit the scanner's privileges, your
users can still step outside of this by "cp /usr/sbin/slimserver-scanner
/tmp/slimserver-scanner".

I would aim at confining the main web-based slimserver, and make sure
the slimserver-scanner executed within this process doesn't get more
privileges than absolutely necessary.


   -jf
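The least-privilege layout from the quoted reply (a separate slimserver_scanner_t domain, a slimserver_scanner_exec_t entry point, and a domtrans from slimserver_t), written out as a refpolicy-style loadable module. This is an added example, not a policy from the thread or from the slimserver project: the module name, the slimserver_var_lib_t type for the scanner's database, the use of public_content_t for the music collection, and the exact permission set are all assumptions; slimserver_t is assumed to be defined by an existing slimserver module.

```selinux
# ---- slimserver_scanner.te (assumed module; not from the thread) ----
policy_module(slimserver_scanner, 1.0)

gen_require(`
	# Assumed to come from an existing slimserver module.
	type slimserver_t, slimserver_var_lib_t;
')

# New domain for the scanner and the entry-point type of its binary.
type slimserver_scanner_t;
type slimserver_scanner_exec_t;
domain_type(slimserver_scanner_t)
domain_entry_file(slimserver_scanner_t, slimserver_scanner_exec_t)
role system_r types slimserver_scanner_t;

# Only what the thread says the scanner does: read the music files
# (assumed labelled public_content_t) and update its database
# (assumed labelled slimserver_var_lib_t).
miscfiles_read_public_files(slimserver_scanner_t)
manage_files_pattern(slimserver_scanner_t, slimserver_var_lib_t, slimserver_var_lib_t)

# Baseline needed by almost any userspace program.
files_read_etc_files(slimserver_scanner_t)
miscfiles_read_localization(slimserver_scanner_t)

# Let the daemon see the scanner's exit status.
allow slimserver_scanner_t slimserver_t:fd use;
allow slimserver_scanner_t slimserver_t:process sigchld;

# ---- slimserver_scanner.if ----
## <summary>Execute slimserver-scanner with a transition to its own domain.</summary>
## <param name="domain"><summary>Domain allowed to transition.</summary></param>
interface(`slimserver_scanner_domtrans',`
	gen_require(`
		type slimserver_scanner_t, slimserver_scanner_exec_t;
	')
	domtrans_pattern($1, slimserver_scanner_exec_t, slimserver_scanner_t)
')

# ---- slimserver_scanner.fc ----
# A copy in /tmp gets the tmp type instead, so no transition happens
# there; that is the caveat raised in the reply above.
/usr/sbin/slimserver-scanner	--	gen_context(system_u:object_r:slimserver_scanner_exec_t,s0)

# ---- in slimserver.te (the existing daemon module), as the reply suggests ----
# slimserver_scanner_domtrans(slimserver_t)
```

Build and load with the distribution's refpolicy development Makefile (`make -f /usr/share/selinux/devel/Makefile slimserver_scanner.pp` followed by `semodule -i slimserver_scanner.pp`), then `restorecon /usr/sbin/slimserver-scanner` so the binary actually carries slimserver_scanner_exec_t. With this in place the scanner spawned by the web daemon runs with only the rules above, while the daemon's own domain is unchanged; a user running the binary directly stays in their own domain unless a separate interface grants that transition, which is the point the reply makes about confining the daemon rather than the interactive tool.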



