[DSE-Dev] refpolicy: domains need access to the apt's pty and fifos

Erich Schubert erich at debian.org
Wed Mar 5 16:24:28 UTC 2008


Hi,
Back when I did the initial apt_t policy, I was considering to setup
domains such as apt_script_t and run the package installation scripts in
this domain. This would have been similar to the rpm_script_t domain.
However getting the files in /var/lib/dpkg/info/ labeled correctly would
probably have required some patches to dpkg. There are non-executable
files in there as well, and I'm not sure if you'd want to mix them up.
For example, there are files there storing reference md5sums, or listing
package contents. apt_script_exec_t doesn't sound appropriate for them.
But having them in the same directory means we can't use automatic file
type transitions.

The amount of things done in postinst scripts is one of the things that
really scares me from a security point of view. It might be very
valuable to use a tight SELinux policy to restrict these scripts,
however when it comes down to having a SELinux policy package update it
becomes a Catch-22 somewhat.
It would definitely help to have separate apt_t and apt_script_t
domains, though, to be able to differentiate access for installation
scripts and the package manager itself.

P.S. Thanks for the great work you've been doing on the SELinux policy
for Debian these days! THANKS!

best regards,
Erich Schubert
-- 
    erich@(vitavonni.de|debian.org)    --    GPG Key ID: 4B3A135C   (o_
   There was never a good war or a bad peace. - Benjamin Franklin   //\
          Liebe ist eine schwere Geisteskrankheit (Platon)          V_/_




More information about the SELinux-devel mailing list