Chapter 4. Example Policy Reference
dhcpd fully control just the DHCP lease files in /var/lib/dhcp/ and not, for example, the dhclient files in the same directory.
This shows a case where the policy explicitly does not want a file to gain the default label from the parent directory. To prevent this, a type_transition is put into place to guide the context when the file is created.
dhcpd_tmp_t
There are several direct rules and transitions for dhcpd_tmp_t, and multiple indirect rules through the attribute file_type.
These rules describe how dhcpd_t can act upon an object of the type dhcpd_tmp_t, which is the type of the dhcpd temporary files in /tmp/. For example, dhcpd_t can create, read, and get and set file attributes on files, socket files, and FIFO files that have the type dhcpd_tmp_t. Similar actions can be done with directories (dir) and file linking (lnk_file):
allow dhcpd_t dhcpd_tmp_t : { file sock_file fifo_file } \
{ create ioctl read getattr lock write setattr append link \
unlink rename };
allow dhcpd_t dhcpd_tmp_t : lnk_file { create read getattr \
setattr link unlink rename };
allow dhcpd_t dhcpd_tmp_t : dir { create read getattr lock \
setattr ioctl link unlink rename search add_name \
remove_name reparent write rmdir };
Having this separate derived type isolates the dhcpd temporary files to ensure that only dhcpd can read and write these files, and not any other daemon. Similarly, other temporary files are protected by being in their own type that dhcpd cannot access. For example, this protects the daemon from using a malicious symlink in /tmp/.
These rules enable the dhcpd daemon to create its files and directories in /tmp. The first rule specifies that when the dhcpd_t domain creates a file in a directory with the type tmp_t, the new subdirectory should be labeled with the dhcpd_tmp_t type. Similarly, the second rule specifies the same transition for a file, file link, socket file, or FIFO (named pipe):
type_transition dhcpd_t tmp_t : dir dhcpd_tmp_t;
type_transition dhcpd_t tmp_t : { file lnk_file sock_file \
fifo_file } dhcpd_tmp_t;
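The following Python sketch is an added example, not part of the original guide or of the policy sources. It loads the direct dhcpd_tmp_t allow rules and the two type_transition rules quoted above into a small model and answers the two questions the text raises: what type a new object in /tmp receives, and whether dhcpd_t may then access it. It ignores attributes such as file_type; other_t and other_tmp_t are hypothetical names for another daemon and its temporary files.

```python
import re
from itertools import product

# Rules copied from the page; the model knows nothing beyond these statements.
POLICY = r"""
allow dhcpd_t dhcpd_tmp_t : { file sock_file fifo_file } \
    { create ioctl read getattr lock write setattr append link \
    unlink rename };
allow dhcpd_t dhcpd_tmp_t : lnk_file { create read getattr \
    setattr link unlink rename };
allow dhcpd_t dhcpd_tmp_t : dir { create read getattr lock \
    setattr ioctl link unlink rename search add_name \
    remove_name reparent write rmdir };
type_transition dhcpd_t tmp_t : dir dhcpd_tmp_t;
type_transition dhcpd_t tmp_t : { file lnk_file sock_file \
    fifo_file } dhcpd_tmp_t;
"""

def _items(tok):
    """Expand '{ a b }' or a bare identifier into a set of names."""
    return set(tok.strip("{} ").split())

def parse(text):
    """Return (allow, trans) lookup tables built from TE rule statements."""
    allow, trans = {}, {}
    text = text.replace("\\\n", " ")  # join backslash-continued lines
    for stmt in filter(None, (s.strip() for s in text.split(";"))):
        kind, rest = stmt.split(None, 1)
        toks = re.findall(r"\{[^}]*\}|[^\s:{}]+", rest)  # brace sets or bare words
        src, tgt, classes, last = toks
        for s, t, c in product(_items(src), _items(tgt), _items(classes)):
            if kind == "allow":
                allow.setdefault((s, t, c), set()).update(_items(last))
            elif kind == "type_transition":
                trans[(s, t, c)] = last
    return allow, trans

ALLOW, TRANS = parse(POLICY)

def new_label(domain, parent_type, cls):
    """Type of a new object: the matching transition, else the parent directory's type."""
    return TRANS.get((domain, parent_type, cls), parent_type)

def allowed(domain, obj_type, cls, perm):
    """Default deny: granted only if a loaded allow rule lists the permission."""
    return perm in ALLOW.get((domain, obj_type, cls), set())

if __name__ == "__main__":
    print(new_label("dhcpd_t", "tmp_t", "file"), allowed("dhcpd_t", "other_tmp_t", "lnk_file", "read"))
```

Run directly, it prints `dhcpd_tmp_t False`: the daemon's own files are relabeled on creation, and a symlink carrying another daemon's temporary type matches no allow rule for dhcpd_t.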
The indirect rules are derived from rules associated with the file_type attribute. These deal with allowing file systems to associate default file types, and the manipulation of file_type objects such as dhcpd_tmp_t by the unconfined_t domain:
allow { file_type device_type } fs_t : filesystem associate;
allow file_type removable_t : filesystem associate;
allow file_type nfs_t : filesystem associate;
allow unconfined_t file_type : filesystem *;
allow unconfined_t file_type : { dir file lnk_file sock_file \
fifo_file chr_file blk_file } *;
allow unconfined_t file_type : { unix_stream_socket \
unix_dgram_socket } name_bind;
The dhcpd_tmp_t type is also influenced by two generic neverallow assertions. Assertions are discussed in Section 2.8 TE Rules Access Vectors.
dhcpd_var_run_t
This security context is also part of the file_type attribute and shares those rules with dhcpd_tmp_t and others. The direct rules that govern dhcpd_var_run_t allow the dhcpd_t domain to manipulate files and directories with the dhcpd_var_run_t type in the /var/run/ file system. This is the directory where process IDs exist, and this rule allows for the creation and manipulation of /var/run/dhcpd.pid:
allow dhcpd_t dhcpd_var_run_t : file { create ioctl read \
getattr lock write setattr append link unlink rename };