On 2023-07-05 09:36, Russell Coker wrote:
On Monday, 3 July 2023 22:37:35 AEST Russell Coker wrote:
https://wiki.debian.org/ReleaseGoals/SystemdAnalyzeSecurity
People have asked how hard it is to create policy for daemons. For an individual to create them it's a moderate amount of work, 1-2 hours per daemon, which is a lot considering the dozens of daemons that people use. But for a group of people it's not a big deal, it's almost nothing compared to the scale of Debian development work. The work that I've done writing SE Linux policy for daemons is significantly greater than what I'd like the collective of DDs to do in this regard.
My fear here would be that you are not in control of what your
dependencies are doing. This is especially true if you think of NIS and
PAM, where libraries are dlopen()ed and can spawn arbitrary helper
binaries. I remember openssh installing a syscall filter for its auth
binary and then it failed with certain PAM modules (see also your
allow_ypbind example). So we should also not be too limiting when
sandboxing daemons.
Kind regards
Philipp Kern
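A concrete illustration of the trade-off both messages describe, added here as an editor's example and not taken from the thread, from Debian, or from systemd's own documentation. It is a hardening drop-in for a hypothetical daemon "exampled" that authenticates users through PAM; the unit name and path are assumptions. The directives are standard systemd.exec(5) settings; the comments mark the two places where a tighter setting would break the dlopen()ed NSS/PAM code paths Philipp mentions.

```ini
# /etc/systemd/system/exampled.service.d/hardening.conf
# Added example for a hypothetical PAM-using daemon; not from the thread.
[Service]
# Filesystem and kernel surface: safe for almost any daemon.
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
LockPersonality=yes

# Syscall filter: use the broad @system-service group rather than a
# hand-enumerated list. NSS and PAM modules are dlopen()ed at runtime, so
# the real syscall set of this process is not visible in its own source.
SystemCallFilter=@system-service
# Return EPERM instead of the default SIGSYS kill, so a module that trips
# the filter fails an operation rather than taking the daemon down.
SystemCallErrorNumber=EPERM

# Address families: AF_UNIX alone looks tempting, but NSS lookups that go
# to NIS/LDAP are made from libc inside this process over AF_INET/AF_INET6.
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6

# Deliberately left unset for a PAM daemon: NoNewPrivileges=yes blocks any
# setuid/setgid helper that a PAM module execs (pam_unix's unix_chkpwd is
# the usual case), which is exactly the failure mode described above.
#NoNewPrivileges=yes
```

After `systemctl daemon-reload`, `systemd-analyze security exampled.service` reports the remaining exposure and names each unset directive, which is how you find what is still available to tighten; then actually exercise the login path, since a module that silently fails under a filter only shows up when the authentication it performs is attempted. If you remove `SystemCallErrorNumber`, a filtered call kills the process with SIGSYS and the journal shows it, which is noisier but easier to spot while tuning.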