| Main Archive Page > Month Archives > selinux archives |
[PATCH] Permissive domain in userspace (Re: Some ideas in SE-PostgreSQL enhancement)
From: KaiGai Kohei <kaigai_at_nospam>Date: Thu Mar 26 2009 - 08:29:31 GMT
To: method@manicmethod.com, ewalsh@tycho.nsa.gov, jmorris@namei.org
KaiGai Kohei wrote:
> 4. Permissive domain in userspace
>
> It is an issue got sleep for a few months.
> http://marc.info/?l=selinux&m=122337314619667&w=2
It was discussed at the past a bit, but left it for several months.
Now we have a new idea of permissive domain which allows certain domains to work as if being in permissive mode. The in-kernel SELinux can handle it well, but userspace object managers could not handler it because we don't have an interface to tell what domain is permissive.
The attached patches are for the kernel and libselinux.
The kernel patch adds a flags field on av_decision, and returns it as the sixth parameter on the reply of /selinux/access.
The libselinux patch enhance libselinux to understand it, and two new interfaces are added.
- security_compute_av_flags()
- security_compute_av_flags_raw() It also adds a new flags field on av_decision, but it is not touched when we use the existing interfaces due to the binary compatibility.
The standard userspace avc uses _flags interface, instead of existing one, so it enables to control permissive domain.
IIRC, Eamon pointed out that it is preferable to put a new field of 'permissive' than general purpose 'flags'. But it will require interface changes, if we need more state in the future. So, I don't change the implementation.
Please comment anything.
Thanks, -- OSS Platform Development Division, NEC KaiGai Kohei <kaigai@ak.jp.nec.com>
-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.