Gordon Sim wrote:
Joshua Kramer wrote:
Hey, that'd be great! I may also post to the SELinux mailing list.
After looking over the SELinux documentation and some other
resources, here's what I've found.

There are a couple of ways we can go about this. The first way is
to use pseudo-contexts to load ACLs stored in SELinux into QPid
ACLs. (Here, 'context' means a SELinux context.) To accomplish
access control in this manner, we need to do the following:
1. Create some pseudo-contexts representing QPid objects (things like
queues, exchanges, etc.)
2. Go to a file on the filesystem and read in text-based user names.
3. For each name, compute the target contexts that it is allowed to
access... and convert those into QPid ACLs.

I do not think there is a way to call SELinux and ask it, "give me a
list of all the users in the QPid Type, and the things they can
access..." But I may be mistaken. There are some third-party
SELinux tools for which the source is accessible, so I may peruse
those tools.

The second way in which we can integrate SELinux into QPid is a bit
more complicated. Instead of using the built-in ACLs, we can go
into the data structures holding the various QPid objects (queues,
exchanges, etc.) and add elements for SELinux security contexts to
each object. We would then place calls to security_compute_av before
each call that manipulates an object, to determine if that particular
operation was permitted.

We already have calls to the authorise() method on the loaded instance
of AclModule (which is pluggable). Can that not be implemented as a
call to security_compute_av?

Yea, I think we might have enough abstraction. We might need to add a
map of IDs to the object list for SELinux. If that is needed I can
volunteer to do that.

Carl.
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:[email protected]
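
The idea discussed in this thread, an authorise() check backed by an access-vector computation plus a map from broker IDs to security contexts, sketched as an added example that is not from the thread or the Qpid code base. The `compute_av_fn` callback is a stand-in shaped like libselinux's `security_compute_av()`; the contexts, permission bits and sample policy are all constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Stand-in shaped like libselinux's security_compute_av(); a real
 * broker plug-in would call the library instead (assumption). */
struct decision { uint32_t allowed; };
typedef int (*compute_av_fn)(const char *scon, const char *tcon,
                             uint32_t requested, struct decision *d);

/* Hypothetical permission bits for broker actions. */
enum { PERM_CONSUME = 1u << 0, PERM_PUBLISH = 1u << 1, PERM_DELETE = 1u << 2 };

/* The "map of IDs" from the thread: broker name -> security context. */
struct ctx_map { const char *name; const char *context; };

static const char *lookup(const struct ctx_map *m, size_t n, const char *name) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(m[i].name, name) == 0) return m[i].context;
    return NULL;
}

/* Constructed sample data: two users and one queue. */
static const struct ctx_map USERS[] = {
    {"alice", "user_u:user_r:qpid_producer_t"},
    {"bob",   "user_u:user_r:qpid_consumer_t"},
};
static const struct ctx_map OBJECTS[] = {
    {"orders", "system_u:object_r:qpid_queue_t"},
};

/* Constructed policy answering in place of the kernel. */
static int sample_compute_av(const char *scon, const char *tcon,
                             uint32_t requested, struct decision *d) {
    (void)requested;
    d->allowed = 0;
    if (strstr(tcon, "qpid_queue_t") == NULL) return 0;
    if (strstr(scon, "qpid_producer_t")) d->allowed = PERM_PUBLISH;
    if (strstr(scon, "qpid_consumer_t")) d->allowed = PERM_CONSUME;
    return 0;
}

/* Returns 1 to permit, 0 to deny. Unmapped IDs and backend errors deny. */
int authorise(compute_av_fn av, const char *user, const char *object, uint32_t perm) {
    const char *scon = lookup(USERS, sizeof USERS / sizeof *USERS, user);
    const char *tcon = lookup(OBJECTS, sizeof OBJECTS / sizeof *OBJECTS, object);
    struct decision d = {0};
    if (!scon || !tcon || av(scon, tcon, perm, &d) != 0) return 0;
    return (d.allowed & perm) == perm;
}
```

Every requested bit must be present in the returned vector, so a request combining an allowed and a disallowed permission is denied as a whole.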