Application authorisations
Daniel J Walsh
dwalsh at redhat.com
Thu Apr 29 07:44:09 PDT 2010
On 04/29/2010 09:15 AM, Bastien Nocera wrote:
> On Thu, 2010-04-29 at 07:55 -0400, Daniel J Walsh wrote:
> <snip>
>> If you really want to secure it, you can use SELinux/Polkit/dbus to put
>> a label on the executable on the client side and only allow clients with
>> this label to communicate with the server through dbus.
>
> Is that something that's possible at the dbus level, or would it be
> implemented in polkit or the application? Can't a normal user change the
> labels of the binaries they own?
>
If you are running with confined users, then the user can only change
labels from/to labels that he controls. Which means, depending on how
you write the policy, yes and no. If the users are unconfined_t then
they can. If you defined a label geo_client_exec_t and confined your
users with staff_t or user_t, then they could be allowed/denied the
right to execute geo_client_exec_t and it would transition to
geo_client_t. Your policy would also state that only geo_client_t can
dbus communicate with a service running as geo_service_t. The confined
user would not be allowed to relabel any files to geo_client_exec_t,
giving your guarantee.
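
The policy described in the message above, sketched as a reference-policy module. This is an added example, not policy from the thread or from any project; the type names geo_client_exec_t, geo_client_t and geo_service_t come from the message, while the module name, geo_service_exec_t and the choice of the system bus are assumptions.

```selinux
# Hypothetical module name; build against the reference policy headers.
policy_module(geo_example, 1.0.0)

gen_require(`
	type staff_t, user_t;
	role staff_r, user_r;
')

# Client: geo_client_exec_t labels the binary, geo_client_t is the domain
# the process runs in after exec (both names are from the message).
type geo_client_t;
type geo_client_exec_t;
application_domain(geo_client_t, geo_client_exec_t)

# Service: geo_service_t is from the message; geo_service_exec_t and
# activation on the system bus are assumptions made for this example.
type geo_service_t;
type geo_service_exec_t;
dbus_system_domain(geo_service_t, geo_service_exec_t)

# Confined users may execute the labelled binary, and doing so
# transitions the process into geo_client_t.
domtrans_pattern(staff_t, geo_client_exec_t, geo_client_t)
domtrans_pattern(user_t, geo_client_exec_t, geo_client_t)
role staff_r types geo_client_t;
role user_r types geo_client_t;

# The client may connect to the bus daemon.
dbus_system_bus_client(geo_client_t)

# D-Bus mediation: the bus daemon checks send_msg between the sender and
# receiver domains. Calls go client to service, replies go back. No other
# domain is granted send_msg to geo_service_t in this module.
allow geo_client_t geo_service_t:dbus send_msg;
allow geo_service_t geo_client_t:dbus send_msg;

# No relabelto rule is granted to the user domains for geo_client_exec_t.
# The assertion below makes the policy build fail if some other rule
# ever grants it, so a confined user cannot label their own binary as
# the trusted client.
neverallow { staff_t user_t } geo_client_exec_t:file relabelto;
```

As the message says, this holds only for confined users; a user running as unconfined_t is not restricted by these rules.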