On Fri, Dec 12, 2008 at 10:33:44AM -0500, Michael DeHaan wrote:
> Anton Arapov wrote:
> > On Thu, Dec 11, 2008 at 11:40:25AM -0500, Michael DeHaan wrote:
> >   
> >> Anton Arapov wrote:
> >>     
> >>
> 
> Anton,
> 
> I'm pretty sure it's fine for applications to be ensuring that contexts 
> are set right, so the earlier things seem fine to me, though it also 
> seems that we would be better served having a SELinux policy written for 
> koan, and having that shipped with koan (and possibly installed by the 
> RPM -- or providing instructions for it to do so). Perhaps we can follow 
> that tactic instead?
>
> This would have the benefit of also being able to move koan out of being 
> unconfined, which may actually /improve/ security in a few regards 
> (except of course koan's there to reinstall your system if you use 
> --replace-self so it's a bit illusory to assume that's why we're doing 
> it). The policy would need to be very open ended because koan can 
> install files with its --update-files feature and also manipulate grub?
> 
> Does that make sense?

Michael, 

  I did some investigation today, and have had a chance to speak
to Dan Walsh, our selinux guru. And the concern is that we have the
selinux restrictions with semanage that I mentioned just because of
the tricky implementation of the logging (how we log things to
~/.koan/koan.log), and another one: it seems we have a problem in
sub_process, it leaves a file descriptor open....

  I will dive into it this weekend and will come up with a solution.
If there is a need to set some context on the koan script,
probably..... but I do not think so. :)

-- Anton

_______________________________________________
cobbler mailing list
https://fedorahosted.org/mailman/listinfo/cobbler