begin quoting Tracy R Reed as of Tue, Jul 26, 2005 at 12:19:52PM -0700:
> Stewart Stremler wrote:
> > Why should applications be aware of SE Linux? I don't like the idea of
> > applications changing behavior to adapt to my security policies... they
> > should complain with useful error messages when denied access to a resource,
> > and degrade gracefully.
>
> Well, they really shouldn't. But they should complain with a useful
> error message and degrade gracefully as you point out. The problem is
> that they currently do not do this due to SE Linux blocking things in
> ways that the application does not expect or check for. I think the

The question that comes to my mind is "COULD the application check for
those errors, and they just didn't bother?"

> problem may actually be libc. If you call open() on a file and a unix
> permission causes a denial you get ERRNO set to EPERM and you can check
> for that. But if SE Linux denies the operation ERRNO does not get set
> and the application goes happily on its way behaving erratically.

So open() returns a file descriptor to /dev/null or some such? Hm...

Java-style exceptions are nice (I've been playing with running stuff in
a Java sandbox). Although... a lot of open-source Java programmers seem
enamoured of using their own classloader for some unknown reason. And
allowing arbitrary classloaders breaks the sandbox.

Just because I *know* what is causing the error doesn't mean it's always
fixable...

> > (Even uid-0 checks are troublesome. If I don't wanna run a program as
> > root, why should the program force me to? Especially if I've arranged
> > things so that it has read/write permission in all the places it needs?)
>
> I suspect they are coding with the best of intentions although it
> inconveniences you as you are a special case. Most people will

I'm always a special case, it seems. :)

> accidentally start the program as a normal user and then wonder why it
> doesn't work so they code in a uid 0 check.

Querying the user and asking "Do you want to proceed anyway (Y/n)?" seems
more productive. Didn't programs _used_ to do that sort of thing?

> > Yeah, getting feedback is annoying.
> >
> > Hm... perhaps pop up an xconsole-like window if the DISPLAY is set to
> > report on the SELinux-related error messages when a program is run....
>
> Not a bad idea although what would pop up the xconsole-like window?
> Something somewhere has to be notified. I guess you could have a daemon
> tailing the log or watching dmesg or something.

That's basically xconsole.

I was thinking of an SELinux-enabled loader; when exec() is called in an
SELinux environment with a display, a small window would be created
(titled with the application running) to display SELinux-related log
messages.

-Stewart "Beware fork-bombs!" Stremler
-- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
