
Re: should runcon/chcon be privileged commands?

runcon and chcon do not add any priv; they just execute the libselinux API. The kernel is responsible for checking whether or not a type is able to change the context from one context to another.

Similarly, the kernel/policy will control whether one process can transition to another process.

From an SELinux point of view running as UID=0 means NOTHING. There is no concept of privileged in the DAC sense.

Re: should runcon/chcon be privileged commands?

Alternatively .. shouldn't modifying the file security context be a privileged operation? I've never had a use for letting non-admins modify these labels, and always assumed they were managed by the central file_context policy..

Re: should runcon/chcon be privileged commands?

Well, the type enforcement rules are controlling what labels they can relabel from and what labels they can relabel to.

So a user_t user might be allowed to relabelfrom user_home_t to httpd_user_content_t to allow them to make content available to apache from within their home dir.

This is very different than the way traditional MLS machines worked. So they are not changing the sensitivity level of data, they are just labeling data from one type they control to another.

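The relabel check described in the last reply can be sketched as follows. This is an added example, not part of the original thread and not code from SELinux itself; the sample rules, `parse_allow_rules` and `may_relabel` are constructed for illustration.

```python
import re

# Constructed sample rules in SELinux policy "allow" syntax (illustrative,
# not copied from any shipped policy).
SAMPLE_POLICY = """
allow user_t user_home_t:file { read write relabelfrom };
allow user_t httpd_user_content_t:file { read relabelto };
allow httpd_t httpd_user_content_t:file read;
"""

# allow <source> <target>:<class> { perm ... };   or a single bare permission
RULE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;")


def parse_allow_rules(text):
    """Return {(source_type, target_type, class): set(permissions)}."""
    rules = {}
    for src, tgt, cls, perm_set, single in RULE.findall(text):
        perms = set((perm_set or single).split())
        rules.setdefault((src, tgt, cls), set()).update(perms)
    return rules


def may_relabel(rules, domain, old_type, new_type, cls="file"):
    """Simplified model of the type-enforcement decision behind chcon.

    The caller's domain needs relabelfrom on the old type and relabelto on
    the new type. The decision is keyed on types; UID is not an input.
    Constraints, the filesystem associate check and the kernel's
    file-ownership check are left out of this sketch.
    """
    can_from = "relabelfrom" in rules.get((domain, old_type, cls), set())
    can_to = "relabelto" in rules.get((domain, new_type, cls), set())
    return can_from and can_to


if __name__ == "__main__":
    rules = parse_allow_rules(SAMPLE_POLICY)
    for args in [("user_t", "user_home_t", "httpd_user_content_t"),
                 ("user_t", "user_home_t", "shadow_t"),
                 ("httpd_t", "httpd_user_content_t", "user_home_t")]:
        verdict = "allowed" if may_relabel(rules, *args) else "denied"
        print(args, "->", verdict)
```
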