Re: Odd boolean in /etc/selinux/strict/booleans?

Ivan Gyurdiev wrote:

> On Thu, 2005-03-31 at 11:09 -0500, Daniel J Walsh wrote:
>  
>
> > Ivan Gyurdiev wrote:
> >
> >    
> >
> > > > Bad name in the installed file.  It used to be disable_games.  We might 
> > > > want to add a
> > > > boolean back in to prevent users from running games at all.  But we 
> > > > would need to remove
> > > > exec_type from the attribute.
> > > >   
> > > >
> > > >        
> > > Prevent users from running games? Why do we want to do that?
> > > What's wrong with the current approach to doing this...namely..don't
> > > install any games, and then the users won't be running them.
> > >
> > >
> > >
> > >      
> > I am thinking of the situation where you might want to users in a 
> > certain role allowed to play games and others not, on a shared
> > machine.  A more interesting example would be to disallow sysadm from 
> > running games, mozilla ...
> > Basically a user accidently runs mozilla or a game while newroled to 
> > sysadm.  Might be nice to have that error out.
> > Ordinarily a transition happens but still It would be nice to prevent this.
> >    
> I actually see SElinux as suited for the *opposite* phenomenon.
> Particularly, while on a legacy machine running mozilla and company as
> root would not be a very bright idea, on a SElinux-constrained machine
> it shouldn't be so bad (it's confined, how much damage can it do?).
>
>
>
>
>
>  
Well actually the more I think about this, this is the  job of roles.  
But the problem here is
not disable-trans as no exec.  I think we need to maybe stop marking 
certain defined
domains as exec_type.  To prevent all users from being able to execute 
the application
without a transition. 

I think lots of users have had the experience of accidentally running 
something as root when
they did not want too.  Even in your example I disable-trans for games 
and then accidentally
run some game as sysadm, bad things can happen.

Dan


--