With thanks to Russell Coker, I've got an improved - doubtless still far from perfect - policy for afs client operation.
I've attached from /etc/security/selinux/src/policy:
  domains/program/afsd.te       # the bulk of the policy
  file_contexts/program/afsd.fc # define the /usr/sbin/afsd type
  types/afs.te                  # provide policy distinctions for /afs
                                # and local / non-local domains
Additionally, note the following changes:
genfs_contexts # provides labeling to non-PSID filesystems
# afs
genfscon afs / system_u:object_r:afs_t
# local afs files (httpd_t is not allowed outside this)
genfscon afs /afsdomain.org.dom system_u:object_r:afs_loc_t
# (e.g.) a place where trusted binaries might reside
genfscon afs /afsdomain.org.dom/usr/local/bin system_u:object_r:afs_loc_tbin_t
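To make the labeling above concrete, here is an added example (not part of this mail or the attached afsd.te/afs.te) that parses the three genfscon lines and resolves the context a given path under /afs receives. It assumes the genfs lookup picks the entry whose path is the longest plain string prefix of the path being labelled, which is how the kernel's genfs lookup behaves. The httpd_t allow set at the bottom is a constructed illustration of the "httpd_t is not allowed outside this" comment, not the policy in the attachments.

```python
"""Resolve genfscon labels for paths on the afs filesystem.

Added example, not code from the original mail or its attachments.
Models genfs_contexts resolution: longest matching path prefix wins
(assumed plain string-prefix matching, as in the kernel's genfs lookup).
"""
import re

# The genfscon lines quoted in the mail (comments are allowed and skipped).
GENFS_CONTEXTS = """
# afs
genfscon afs / system_u:object_r:afs_t
# local afs files (httpd_t is not allowed outside this)
genfscon afs /afsdomain.org.dom system_u:object_r:afs_loc_t
# (e.g.) a place where trusted binaries might reside
genfscon afs /afsdomain.org.dom/usr/local/bin system_u:object_r:afs_loc_tbin_t
"""

_LINE = re.compile(r"^genfscon\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_genfscon(text):
    """Return a list of (fstype, path_prefix, context) tuples.

    Blank lines and '#' comments are skipped; a malformed line raises.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError("bad genfscon line: %r" % raw)
        entries.append(m.groups())
    return entries


def resolve_context(entries, fstype, path):
    """Label PATH on FSTYPE using the longest matching genfscon prefix.

    Returns None when no entry for that filesystem type applies.
    Note: the match is a plain string prefix (assumption about the
    kernel lookup), so a sibling such as /afsdomain.org.domain2 would
    also match the /afsdomain.org.dom entry; check sibling names in
    the cell when choosing prefixes.
    """
    best = None
    for fs, prefix, ctx in entries:
        if fs != fstype or not path.startswith(prefix):
            continue
        if best is None or len(prefix) > len(best[0]):
            best = (prefix, ctx)
    return best[1] if best else None


def type_of(context):
    """Extract the type field from user:role:type."""
    return context.split(":")[2]


# Constructed illustration of the intended confinement: httpd_t may read
# only the local subtree types; afs_t (the rest of the cell space) is not
# in its allow set. Assumed rules, not the attached afsd.te policy.
HTTPD_READABLE_TYPES = {"afs_loc_t", "afs_loc_tbin_t"}


def httpd_may_read(entries, path):
    """True if the label resolved for PATH is one httpd_t may read."""
    ctx = resolve_context(entries, "afs", path)
    return ctx is not None and type_of(ctx) in HTTPD_READABLE_TYPES


if __name__ == "__main__":
    entries = parse_genfscon(GENFS_CONTEXTS)
    for p in ("/", "/otherdomain.org/www/index.html",
              "/afsdomain.org.dom/www/index.html",
              "/afsdomain.org.dom/usr/local/bin/httpd"):
        print("%-42s %-36s httpd_t read: %s" % (
            p, resolve_context(entries, "afs", p), httpd_may_read(entries, p)))
```

Running it shows that everything outside /afsdomain.org.dom falls through to afs_t, which is exactly the label httpd_t must not be granted; the two narrower entries only take effect because their prefixes are longer.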
-----
domains/program/mount.te #added:
allow mount_t kernel_t:process { sigkill };
# when /afs is unmounted I assume VFS is providing the magic for the kill to
# be sent to afsd. Would it be better (possible?) to limit this to only killing
# the afsd_t process?
-----
types/file.te: # afsd needs to write /usr/etc/openafs/AFSLog
# usr_etc_log_t is created primarily for afsd which
# wants to keep a log in /usr/etc/openafs
type usr_etc_log_t, file_type, sysadmfile;
------
Fixes vs. prior email:
The usr_etc_log_t type removes the error that allowed afsd write permission to
most of /etc.
Having corrected the policy (using the every_domain() macro), the incorrect
initrc.te hack is now fixed.
Added exemplar site-specific types and policy enforcements for local and remote
AFS data.
Next steps:
1. Running the volume location server and fileserver under the SELinux kernel.
The creation of the .../security directory and the included inode index files
has a fairly high chance of breaking fileserver volume operation.
AFS volume partitions on Linux are in ext2fs but must never be treated
as regular filesystems; fsck will destroy the volume data.
2. Possible generation of a policy for AFS tokens stored in kernel memory.
Currently all SELinux roles have the same access to the AFS tokens. This
is workable, but providing a TE policy might be useful.
