Rework shadow transitions and access #902
aerusso wants to merge 2 commits into SELinuxProject:main from
09199c4 to 89766d5
I adjusted the rw_files_pattern macro to allow searching /etc (etc_t), and I think that's causing the lint failure. Should I just have it grant the useless dir search permission for shadow_lock_t, and expect that the etc_t search permission is granted by some other rule?
With these changes, have you tested changing a user's password (twice, due to files created after the first change)? And keep in mind that things behave differently in enforcing vs. permissive.
89766d5 to 2333d1c
I've also included some dpkg-specific changes, but (despite running Debian) have not tested them. This is in the final patch, and is motivated by a read of the update-passwd.c source file.
pebenito left a comment
Please see existing open comment.
2333d1c to 5ad8ee0
I think this is in good shape, though there were a few points I was unclear on. Sorry if I'm being dense on those!
@aerusso are you still working on this?
There are no directories labeled shadow_lock_t, and therefore there is no reason to grant dir:search on shadow_lock_t.

Signed-off-by: Antonio Enrico Russo <aerusso@aerusso.net>
shadow access is tightly controlled, with separate types for the shadow files and the locks. This patch distinguishes the two by enumerating the backup filenames and lock file names in their associated file transition rules.

Prior to this, the overbroad file transition rules would cause various shadow-manipulating tools to create lock files with the incorrect shadow_t label.

Signed-off-by: Antonio Enrico Russo <aerusso@aerusso.net>
5ad8ee0 to 2e1dc55
| ## <param name="name" optional="true"> | ||
| ## <summary> | ||
| ## The name of the object being created. | ||
| ## </summary> | ||
| ## </param> |
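Review bot: the summary on the optional `name` parameter, "The name of the object being created.", does not tell a caller how a supplied name interacts with the backup and lock filenames the commit message says are now enumerated in the transition rules. If the interface still accepts this argument, the summary should say whether a caller-supplied name is honoured, ignored or deprecated, so that callers do not rely on it to select between the shadow_t and shadow_lock_t labels.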
Please keep this block, but add (Deprecated) to the summary, since the interface still responds to the parameter.
Otherwise looks good to me.