Joshua Kramer wrote:
Hey, that'd be great! I may also post to the SELinux mailing list.
After looking over the SELinux documentation and some other resources,
here's what I've found.
There are a couple of ways we can go about this. The first way, is to
use pseudo-contexts to load ACL's stored in SELinux into QPid ACL's.
(Here, 'context' means a SELinux context.) To accomplish access control
in this manner, we need to do the following:
1. Create some pseudo-contexts representing QPid objects (things like
queues, exchanges, etc.)
2. Go to a file on the filesystem and read in text-based user names.
3. For each name, compute the target contexts that it is allowed to
access... and convert those into QPid ACL's.
I do not think there is a way to call SELinux and ask it, "give me a
list of all the users in the QPid Type, and the things they can
access..." But I may be mistaken. There are some third-party SELinux
tools for which the source is accessible, so I may peruse those tools.
The second way in which we can integrate SELinux into QPid is a bit more
complicated. Instead of using the built-in ACL's, we can go into the
data structures holding the various QPid objects (queues, exchanges,
etc.) and add elements for SELinux security contexts to each object. We
would then place calls to security_compute_av before each call that
manupulates an object, to determine if that particular operation was
permitted.
We already have calls to the authorise() method on the loaded instance
of AclModule (which is pluggable). Can that not be implemented as a call
to security_compute_av?
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:[email protected]
