Sorry for the delay. I tried to implement an engine module which also provides an access control feature based on SELinux. Right now, it does not have any design problems and works fine.

At first, I planned that selinux_engine.so would provide only the access control features, so the actual key/value storage would be pushed to other engine modules like the bucket system. However, that was hard, because there is no guarantee that an item carrying a security label in its text representation is never wiped out. So I also implemented its own storage engine, which can associate a security label with each item.

Steps to use (we assume the engine-based memcached is installed at /usr/local/memcached):

  % svn co http://sepgsql.googlecode.com/svn/trunk/memcached selinux-engine
  % cd selinux-engine
  % make && make install
  % /usr/local/memcached/bin/memcached -E selinux_engine.so \
        -s /tmp/memcached.sock

Example of usage:

  [kai...@saba ~]$ runcon -l s0 mcdclient.php add abc 'hello world' unix:///tmp/memcached.sock
  success to add [key:abc, value:hello world]
  [kai...@saba ~]$ runcon -l s0:c0 -- mcdclient.php add xyz 'i like curry' unix:///tmp/memcached.sock
  success to add [key:xyz, value:i like curry]
  [kai...@saba ~]$ runcon -l s0:c1 -- mcdclient.php add zzz 'i like coke' unix:///tmp/memcached.sock
  success to add [key:zzz, value:i like coke]

(*) runcon launches a program with more restricted privileges. In this case, the default label of an item is the same as the client's label.

  [kai...@saba ~]$ runcon -l s0 -- mcdclient.php get abc unix:///tmp/memcached.sock
  'abc' => 'hello world'
  [kai...@saba ~]$ runcon -l s0 -- mcdclient.php get xyz unix:///tmp/memcached.sock
  no entry for 'xyz'
  [kai...@saba ~]$ runcon -l s0 -- mcdclient.php get zzz unix:///tmp/memcached.sock
  no entry for 'zzz'

The 's0' domain dominates 's0', but neither 's0:c0' nor 's0:c1', so 'xyz' and 'zzz' are invisible.

The debug log also shows:

  uavc: denied { read } for scontext=unconfined_u:unconfined_r:unconfined_t:s0 \
        tcontext=unconfined_u:object_r:sepgsql_blob_t:s0:c0 tclass=db_blob

  [kai...@saba ~]$ runcon -l s0:c0 -- mcdclient.php get abc unix:///tmp/memcached.sock
  'abc' => 'hello world'
  [kai...@saba ~]$ runcon -l s0:c0 -- mcdclient.php get xyz unix:///tmp/memcached.sock
  'xyz' => 'i like curry'
  [kai...@saba ~]$ runcon -l s0:c0 -- mcdclient.php get zzz unix:///tmp/memcached.sock
  no entry for 'zzz'

The 's0:c0' domain dominates 's0' and 's0:c0', but not 's0:c1', so 'zzz' is invisible.

  [kai...@saba ~]$ runcon -l s0:c1 -- mcdclient.php get abc unix:///tmp/memcached.sock
  'abc' => 'hello world'
  [kai...@saba ~]$ runcon -l s0:c1 -- mcdclient.php get xyz unix:///tmp/memcached.sock
  no entry for 'xyz'
  [kai...@saba ~]$ runcon -l s0:c1 -- mcdclient.php get zzz unix:///tmp/memcached.sock
  'zzz' => 'i like coke'

The 's0:c1' domain dominates 's0' and 's0:c1', but not 's0:c0', so 'xyz' is invisible.

Thanks,
-- 
KaiGai Kohei <[email protected]>
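The visibility rule the post demonstrates is the MLS dominance check: a client may read an item only when the client's sensitivity level is at least the item's and the client's category set contains the item's. The following is an added, constructed Python model of that rule applied to the post's three clients and three keys; it is not code from selinux_engine.so or from memcached, and the label parser, the LabelledStore class and its method names are assumptions made for illustration. It handles single-level labels as used in the post (including comma lists and c0.c3 category ranges) and, like the engine, answers "no entry" rather than "denied" so that a client cannot learn whether a key it may not read exists.

```python
"""Constructed model of MLS dominance as seen in the post's memcached
SELinux engine: an item is visible to a client only if the client's
level dominates the item's level. Not the project's own code."""

import re
from typing import Dict, FrozenSet, List, NamedTuple, Optional, Tuple


class Level(NamedTuple):
    sensitivity: int            # the N in sN
    categories: FrozenSet[int]  # the set of N in cN


def parse_level(label: str) -> Level:
    """Parse the MLS level of 's0', 's0:c1', 's0:c0,c2', 's1:c0.c3', or of a
    full context 'user:role:type:s0:c0'. Range labels (low-high) are not
    handled; the post only uses single levels."""
    parts = label.split(":")
    # A full context is user:role:type:level; the level starts at the first 'sN'.
    idx = next(i for i, p in enumerate(parts) if re.fullmatch(r"s\d+", p))
    sensitivity = int(parts[idx][1:])
    cats = set()
    if idx + 1 < len(parts):
        for item in parts[idx + 1].split(","):
            m = re.fullmatch(r"c(\d+)(?:\.c(\d+))?", item)
            if not m:
                raise ValueError(f"bad category spec: {item!r}")
            lo = int(m.group(1))
            hi = int(m.group(2)) if m.group(2) else lo
            cats.update(range(lo, hi + 1))
    return Level(sensitivity, frozenset(cats))


def dominates(subject: Level, obj: Level) -> bool:
    """subject dominates obj iff its sensitivity is >= and its categories
    are a superset. s0 dominates s0 but not s0:c0; s0:c0 dominates both."""
    return (subject.sensitivity >= obj.sensitivity
            and obj.categories <= subject.categories)


class LabelledStore:
    """Toy key/value store that keeps a security level with each item
    (assumed interface; stands in for the engine's own storage)."""

    def __init__(self) -> None:
        self._items: Dict[str, Tuple[str, Level]] = {}

    def add(self, client_label: str, key: str, value: str,
            item_label: Optional[str] = None) -> bool:
        # As in the post, the default item label is the client's label.
        level = parse_level(item_label or client_label)
        if key in self._items:
            return False
        self._items[key] = (value, level)
        return True

    def get(self, client_label: str, key: str) -> Optional[str]:
        entry = self._items.get(key)
        if entry is None:
            return None
        value, level = entry
        if not dominates(parse_level(client_label), level):
            # Mirror the post: report "no entry" instead of revealing that a
            # key exists but is not readable at this level.
            return None
        return value


def visibility_matrix(store: LabelledStore, clients: List[str],
                      keys: List[str]) -> Dict[str, List[str]]:
    """Which keys each client label can see."""
    return {c: [k for k in keys if store.get(c, k) is not None] for c in clients}


def demo() -> Dict[str, List[str]]:
    """Reproduce the post's three add/get sessions."""
    store = LabelledStore()
    store.add("s0", "abc", "hello world")
    store.add("s0:c0", "xyz", "i like curry")
    store.add("s0:c1", "zzz", "i like coke")
    return visibility_matrix(store, ["s0", "s0:c0", "s0:c1"], ["abc", "xyz", "zzz"])


if __name__ == "__main__":
    for client, visible in demo().items():
        print(f"{client:6} sees {visible}")
```

Running it prints the same three views as the post: s0 sees only abc, s0:c0 sees abc and xyz, s0:c1 sees abc and zzz. The tcontext from the post's debug line (`unconfined_u:object_r:sepgsql_blob_t:s0:c0`) parses to sensitivity 0 with category set {0}, which is exactly what the s0 client lacks.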
