[DSE-Dev] refpolicy: domains need access to the apt's pty and fifos

Russell Coker russell at coker.com.au
Thu Mar 6 12:46:54 UTC 2008


On Thursday 06 March 2008 23:13, Erich Schubert <erich at debian.org> wrote:
> > > It would definitely help to have separate apt_t and apt_script_t
> > > domains, though, to be able to differentiate access for installation
> > > scripts and the package manager itself.
> >
> > What meaningful restrictions can be applied to one but not the other?
>
> I agree with you that we would currently have to allow pretty much any
> access by apt_script_t, unfortunately. Sorry for mixing up apt and dpkg
> again in that post btw, yes, it should be dpkg_t and dpkg_script_t,
> obviously.
> No, I can't really think of ways to restrict dpkg_script_t apart from
> not messing with the dpkg_t state files. Maybe we could make some policy

But given that dpkg_script_t can make all manner of other changes (including 
loading a SE Linux policy) it seems rather minor to restrict access to dpkg 
state files.

> that /usr is to be modified by dpkg_t only whereas dynamically generated
> files have to reside in /var, but I doubt this would currently hold.

It's a standard practice to convert the data files under /var in an upgrade.

> And after all, dpkg_script_t needs to be able to even add users
> to /etc/passwd (although through the helper applications, not directly).

Yes.

In fact while we have unconfined_t, the benefit of having a separate dpkg_t 
instead of using unconfined_t for installing packages doesn't seem 
significant.

-- 
russell at coker.com.au
http://etbe.coker.com.au/          My Blog

http://www.coker.com.au/sponsorship.html Sponsoring Free Software development
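The dpkg_t / dpkg_script_t split discussed above, with the one restriction Erich names (scripts must not touch dpkg's own state files), written out as a refpolicy-style module fragment. This is an added illustration, not code from the thread or from the Debian/refpolicy dpkg module; it assumes the standard refpolicy interfaces and the type names dpkg_t, dpkg_exec_t, dpkg_script_t, dpkg_script_exec_t and dpkg_var_lib_t are chosen for the example.

```selinux
policy_module(dpkg_split_example, 0.1)

# Two domains: the package manager itself and the maintainer scripts it runs.
type dpkg_t;
type dpkg_exec_t;
init_system_domain(dpkg_t, dpkg_exec_t)

type dpkg_script_t;
type dpkg_script_exec_t;
domain_type(dpkg_script_t)
domain_entry_file(dpkg_script_t, dpkg_script_exec_t)
role system_r types dpkg_script_t;

# dpkg's own state files (its /var/lib/dpkg database); label name is assumed.
type dpkg_var_lib_t;
files_type(dpkg_var_lib_t)

# dpkg_t owns its state and runs maintainer scripts in their own domain.
manage_files_pattern(dpkg_t, dpkg_var_lib_t, dpkg_var_lib_t)
domtrans_pattern(dpkg_t, dpkg_script_exec_t, dpkg_script_t)

# The one restriction proposed in the thread: scripts may read but never
# modify dpkg state. The neverallow makes the build fail if any later rule
# grants this, so the restriction cannot be lost by accident.
read_files_pattern(dpkg_script_t, dpkg_var_lib_t, dpkg_var_lib_t)
neverallow dpkg_script_t dpkg_var_lib_t:file { write append create unlink rename setattr };

# Everything else the scripts need (adding users via helpers, writing /usr and
# /var, converting data files under /var on upgrade, loading policy) would still
# have to be granted rule by rule. The shortcut below is what that amounts to,
# and it is left commented out because it would violate the neverallow above:
# which is Russell's point that the domain ends up as broad as unconfined_t.
# unconfined_domain(dpkg_script_t)
```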